Failed updating etrust vet engine


p=KLO8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O9 - Extra button: (no name) - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra 'Tools' menuitem: Sun Java Console - - C:\Program Files\Java\jre1.6.0_02\bin\O10 - Unknown file in Winsock LSP: c:\windows\system32\O14 - IERESET. Now to clear the orphans Download and then run Super Antispyware Thanks again for all your help. \Companion\Installs\cpn\O3 - Toolbar: &Google - - c:\program files\google\googletoolbar2O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVRID.exe"O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\Google Toolbar Notifier\Google Toolbar O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h O4 - HKCU\..\Run: [SUPERAnti Spyware] C:\Program Files\SUPERAnti Spyware\SUPERAnti O4 - Global Startup: Adobe Gamma = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O9 - Extra button: (no name) - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra 'Tools' menuitem: Sun Java Console - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra button: Messenger - - C:\Program Files\Messenger\O9 - Extra 'Tools' menuitem: Windows Messenger - - C:\Program Files\Messenger\O10 - Unknown file in Winsock LSP: c:\windows\system32\O14 - IERESET. VIR C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.

INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: - - DPF: (Web P2P Installer) - O16 - DPF: (CInstall Class) - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: (CWeb Launch Ctl Object) - - DPF: - - Filter hijack: text/html - - C:\Program Files\RXTool Bar\O20 - App Init_DLLs: C:\WINDOWS\System32\O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\O23 - Service: Ares Chatroom server (Ares Chat Server) - Ares Development Group - C:\Program Files\Ares Ultra\chat O23 - Service: Diskeeper - Executive Software International, Inc. What can I do as regular maintenance to stay malware-free for the future? INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: (Microsoft Data Collection Control) - https://.X/O16 - DPF: - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: - - Winlogon Notify: ! Click Spring/Yazzle C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [rkwk] C:\PROGRA~1\COMMON~1\rkwk\(User '? ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Insider] C:\Program Files\Insider\(User '? C:\Documents and Settings\All Users\Application Data.\winantispyware 2007C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Product Code C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Product Code C:\Documents and Settings\All Users\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Dante\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\Win C:\Documents and Settings\ronnie bradford\C:\Documents and Settings\ronnie bradford\Start Menu\Programs\Startup\C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Zachary\Application Data\Win Touch 
C:\Documents and Settings\Zachary\Application Data\Win Touch

')O4 - Startup: O4 - Startup: TA_= C:\WINDOWS\system32\O4 - Startup: = C:\WINDOWS\system32\O4 - Global Startup: O8 - Extra context menu item: &Search -

2007-11-27 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys2007-11-27 . Current Boot Mode: Normal[Processes - Non-Microsoft Only]- Old Timer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 AM | Attr = ][Win32 Services - Non-Microsoft Only](Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] - Executive Software International, Inc.

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Win AVX] C:\WINDOWS\System32\Win Av (User '? Zeno Search C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSREGT.

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h (User '?

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Uniblue Registry Booster 2] C:\Program Files\Uniblue\Registry Booster 2\Registry /S (User '? VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_30.

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Words] C:\Program Files\Words\(User '? New Dot Net C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL4_85.

d8feebbf3d8533029c48f7996c2de9d C:\Documents and Settings\Zachary\Application Data\Win Touch

p=KLO8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O9 - Extra button: (no name) - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra 'Tools' menuitem: Sun Java Console - - C:\Program Files\Java\jre1.6.0_02\bin\O10 - Unknown file in Winsock LSP: c:\windows\system32\O14 - IERESET. Now to clear the orphans Download and then run Super Antispyware Thanks again for all your help. \Companion\Installs\cpn\O3 - Toolbar: &Google - - c:\program files\google\googletoolbar2O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVRID.exe"O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\Google Toolbar Notifier\Google Toolbar O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h O4 - HKCU\..\Run: [SUPERAnti Spyware] C:\Program Files\SUPERAnti Spyware\SUPERAnti O4 - Global Startup: Adobe Gamma = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O9 - Extra button: (no name) - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra 'Tools' menuitem: Sun Java Console - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra button: Messenger - - C:\Program Files\Messenger\O9 - Extra 'Tools' menuitem: Windows Messenger - - C:\Program Files\Messenger\O10 - Unknown file in Winsock LSP: c:\windows\system32\O14 - IERESET. VIR C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER. 
INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: - - DPF: (Web P2P Installer) - O16 - DPF: (CInstall Class) - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: (CWeb Launch Ctl Object) - - DPF: - - Filter hijack: text/html - - C:\Program Files\RXTool Bar\O20 - App Init_DLLs: C:\WINDOWS\System32\O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\O23 - Service: Ares Chatroom server (Ares Chat Server) - Ares Development Group - C:\Program Files\Ares Ultra\chat O23 - Service: Diskeeper - Executive Software International, Inc. What can I do as regular maintenance to stay malware-free for the future? INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: (Microsoft Data Collection Control) - https://.X/O16 - DPF: - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: - - Winlogon Notify: ! Click Spring/Yazzle C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [rkwk] C:\PROGRA~1\COMMON~1\rkwk\(User '? ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Insider] C:\Program Files\Insider\(User '? 
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Product Code C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Product Code C:\Documents and Settings\All Users\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Dante\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\Win C:\Documents and Settings\ronnie bradford\C:\Documents and Settings\ronnie bradford\Start Menu\Programs\Startup\C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Zachary\Application Data\Win Touch C:\Documents and Settings\Zachary\Application Data\Win Touch

')O4 - Startup: O4 - Startup: TA_= C:\WINDOWS\system32\O4 - Startup: = C:\WINDOWS\system32\O4 - Global Startup: O8 - Extra context menu item: &Search - C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_sourceid=navclient&ie=UTF-8&rls=RNWO, RNWO_2007-30, RNWO_en&q=big ten network NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_sourceid=navclient&gfns=1&ie=UTF-8&rls=RNWO, RNWO_2007-30, RNWO_en&q=n NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_sourceid=navclient&aq=t&ie=UTF-8&rls=RNWO, RNWO_2007-30, RNWO_en&q=roland R-8 dance card NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_q=snare sound chuckii boker turned away&hl=en NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_q=isley brothers sheet music&hl=en&rls=RNWO, RNWO_2007-30, RNWO_en&start=10&sa=NNC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_q=isley brothers keyboard chords&hl=en&rls=RNWO, RNWO:2007-30, RNWO:en NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_q=hip hop production&hl=en&rls=RNWO, RNWO:2007-30, RNWO:en NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_q=drum machine sounds 90's snare&btn G=Search&hl=en NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_q=//www_pbskids_or NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=synonym for objectivity&spell=1NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=snare sound chuckii booker turned away&spell=1NC scheduled to be moved on reboot. 
C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=snare drum machine chuckii booker turned away&spell=1NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&rls=RNWO, RNWO:2007-30, RNWO:en&q=tube hip hop mastering NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&rls=RNWO, RNWO:2007-30, RNWO:en&q=tube amp hip hop mastering NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&rls=RNWO, RNWO:2007-30, RNWO:en&q=n&btn G=Search NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&rls=RNWO, RNWO:2007-30, RNWO:en&q=isley brothers chords NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&rls=RNWO, RNWO:2007-30, RNWO:en&q=isley brothers between sheets sheet music NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&rls=RNWO, RNWO:2007-30, RNWO:en&q=isley brothers between sheets chords NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=www_nick_com NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=www_disney_com NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=what is the primary composition of a comet&btn G=Google Search NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=type 2 diabetes NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=type 2 diabetes more_condition_treatment&cx=disease_for_patients&sa=N&oi=cooptsr&resnum=0&ct=col1&cd=1NC scheduled to be moved on reboot. 
C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=synonym for currency NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=synonym for coverage NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=synonym for authority NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=synonym for aobjectivity NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=synonym for accuracy NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=snare drum macjine chuckii booker turned away NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=roland r-8 dance card&btn G=Google Search NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=questions pre-kindergarten parents should ask teachers NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=questions pre-kindergarten parents should ask during parent teacher conference&btn G=Google Search NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=opinions about it takes a village to raise a child NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=opinions about it takes a village to raise a child&btn G=Google Search NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=it takes a village to raise a child NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=it takes a village to raise a child&btn G=Google Search NC scheduled to be moved on reboot. 
C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=diabetes NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=diabetes NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=diabetes more_tests_diagnosis&cx=disease_for_patients&sa=N&oi=cooptsr&resnum=0&ct=col2&cd=1NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=diabetes more_condition_treatment&cx=disease_for_patients&sa=N&oi=cooptsr&resnum=0&ct=col1&cd=1NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=diabetes in children NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=definition of documentation NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=definition of documentation in reference to English NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=composition of a comet NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=chuckii booker drum machine NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=astronomy NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=articles about it takes a village to raise a child NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&q=african american opinions about it takes a village to raise a child NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&defl=en&q=define_documentation&sa=X&oi=glossary_definition&ct=title NC scheduled to be moved on reboot. 
C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&cx=disease_for_patients&q=diabetes NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&cx=disease_for_patients&q=diabetes more:tests_diagnosis NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_search_hl=en&cx=disease_for_patients&q=diabetes &btn G=Search NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_google_com_ig_directory_synd=toolbar&frontpage=1&hl=en NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_fsatoronto_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_free-scores_com scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_football_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_findarticles_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_emedicinehealth_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_diabetes_org_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_cydjournal_org_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_cartoonnetwork_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_broadband_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_bradley_edu_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_autopartsgiant_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_ask_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTwww_8notes_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTsports_yahoo_com_ scheduled to be moved on reboot. 
C:\Program Files\RXTool Bar\Cache\CTrond_starsdoor_com_ac_php_bannerid=10&zoneid=1&target=_blank&withtext=&source=&timeout=0&ct0=NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTpbskids_org_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTnews_google_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTmedia_org_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CThttps___login_yahoo_com_config_login__src=spt&partner=&_v=&_u=eddd74t3hnok2&_intl=us&_done= scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CThttps___login_yahoo_com_config_login__done=http___sports_yahoo_com/fantasy&_src=spt&_intl=us NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CThttps___login_yahoo_com_config_login_NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CThttps___edit_yahoo_com_config_eval_register__done=http___sports_yahoo_com/&_src=spt&_intl=us NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTen_wikipedia_org scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTdisney_go_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTbasketball_com_ scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTairforcebasemap_com_NC scheduled to be moved on reboot. C:\Program Files\RXTool Bar\Cache\CTad_globalinteractive_com_click, GKEUAH2d Aw A1Cwg AQYw CAAIAAAAAAP8AAAACEAIAAg6Eg QAt MYAACX9Aw AAAAAAAAAAAAAAAAAAAAAAAAAAABPUE0c AAAAA,, NC scheduled to be moved on reboot. 2007-11-27 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys2007-11-27 . Current Boot Mode: Normal[Processes - Non-Microsoft Only]- Old Timer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 AM | Attr = ][Win32 Services - Non-Microsoft Only](Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] - Executive Software International, Inc. 
')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Win AVX] C:\WINDOWS\System32\Win Av (User '? Zeno Search C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSREGT. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h (User '? ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Uniblue Registry Booster 2] C:\Program Files\Uniblue\Registry Booster 2\Registry /S (User '? VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_30. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Words] C:\Program Files\Words\(User '? New Dot Net C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL4_85.

INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: - - DPF: (Web P2P Installer) - O16 - DPF: (CInstall Class) - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: (CWeb Launch Ctl Object) - - DPF: - - Filter hijack: text/html - - C:\Program Files\RXTool Bar\O20 - App Init_DLLs: C:\WINDOWS\System32\O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\O23 - Service: Ares Chatroom server (Ares Chat Server) - Ares Development Group - C:\Program Files\Ares Ultra\chat O23 - Service: Diskeeper - Executive Software International, Inc. What can I do as regular maintenance to stay malware-free for the future? INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: (Microsoft Data Collection Control) - https://.X/O16 - DPF: - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: - - Winlogon Notify: ! Click Spring/Yazzle C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [rkwk] C:\PROGRA~1\COMMON~1\rkwk\(User '? ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Insider] C:\Program Files\Insider\(User '? 
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Product Code C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Product Code C:\Documents and Settings\All Users\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Dante\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\Win C:\Documents and Settings\ronnie bradford\C:\Documents and Settings\ronnie bradford\Start Menu\Programs\Startup\C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Zachary\Application Data\Win Touch C:\Documents and Settings\Zachary\Application Data\Win Touch\0d8feebbf3d8533029c48f7996c2de9d C:\Documents and Settings\Zachary\Application Data\Win Touch\0ef256627ca02d774883e22b5b3478f8C:\Documents and 
Settings\Zachary\Application Data\Win Touch\1759be4245b32c372f87c9b11a3e90d0C:\Documents and Settings\Zachary\Application Data\Win Touch\3d35e5456f39db309b4d716a217a88bc C:\Documents and Settings\Zachary\Application Data\Win Touch\41b27979637e89c521b67b9a88c806dc C:\Documents and Settings\Zachary\Application Data\Win Touch\4f7461668c73628b697fa4ea5a477020C:\Documents and Settings\Zachary\Application Data\Win Touch\77b2956bbd0b4e89a65d5a2f43c356d1C:\Documents and Settings\Zachary\Application Data\Win Touch\91fbe16e6dfa824a41c1d20e0e4550bd C:\Documents and Settings\Zachary\Application Data\Win Touch\cc4d6add2c45b51baaff06662c3dd1b7C:\Documents and Settings\Zachary\Application Data\Win Touch\decff24f18524312e26478336e8fec07C:\Documents and Settings\Zachary\Application Data\Win Touch\f62bafa43ab82f6ce54b4c4b6b359bfb C:\Documents and Settings\Zachary\Application Data\Win Touch\faa31ef93cccc897dc0449516f96964e C:\Documents and Settings\Zachary\Application Data\Win Touch\C:\Documents and Settings\Zachary\Application Data\Win Touch\Win C:\Documents and Settings\Zachary\Desktop\Find Spyware C:\Documents and Settings\Zachary\Desktop\Free Online C:\Documents and Settings\Zachary\Desktop\Go to C:\Documents and Settings\Zachary\C:\Documents and Settings\Zachary\Start Menu\Programs\Startup\C:\Documents and Settings\Zachary\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Zachary\Start Menu\Programs\Startup\C:\Program Files\Common Files\Yazzle1122Oin C:\Program Files\Common Files\Yazzle1122Oin C:\Program Files\Common Files\Yazzle1281Oin C:\Program Files\Common Files\Yazzle1281Oin C:\Program Files\i Mesh Bar C:\Program Files\i Mesh Bar\bar\2.bin\IMESHBAR. C:\Program Files\Need2Find\bar\History\search scheduled to be moved on reboot. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Art Chk] C:\WINDOWS\System32\(User '? 
DLLC:\Program Files\i Mesh Bar\bar\History\search C:\Program Files\inetget2C:\Program Files\inetget2\C:\Program Files\Insider C:\Program Files\Insider\C:\Program Files\Insider\Un C:\Program Files\Temporary C:\Program Files\ucleaner_C:\Program Files\Ultimate Cleaner C:\Program Files\video activex access C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\Words C:\Program Files\Words\C:\Program Files\Words\C:\Program Files\Words\C:\temp\b9C:\Temp\1cb C:\Temp\1cb\C:\Temp\ab W9C:\Temp\ab W9\t C:\Temp\fse C:\Temp\fse\tmp C:\temp\iee C:\WINDOWS\C:\WINDOWS\b104C:\WINDOWS\b128C:\WINDOWS\C:\WINDOWS\Downloaded Program Files\ODCTOOLSC:\WINDOWS\Fonts\C:\WINDOWS\Fonts\acrsec C:\WINDOWS\Free Online C:\WINDOWS\C:\WINDOWS\NDNuninstall4_85C:\WINDOWS\NDNuninstall6_30C:\WINDOWS\C:\WINDOWS\Spyware C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\drivers\C:\WINDOWS\system32\C:\WINDOWS\system32\f02Wt RC:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\msnav32C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\o02Pr Ez C:\WINDOWS\system32\o02Pr Ez\o02Pr Ez1065C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\silc_C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\Win Av C:\WINDOWS\system32\winpfz32C:\WINDOWS\system32\C:\WINDOWS\system32\wyyay.ini2C:\WINDOWS\system32\C:\WINDOWS\system32\zxdnt3C:\WINDOWS\((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\LEGACY_FOPN-------\LEGACY_NPF-------\Api Mon((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 
))))))))))))))))))))))))))))))).2007-11-27 . C:\Program Files\Need2Find\bar\Settings moved successfully. C:\Program Files\Need2Find\bar\History moved successfully. The logs are as follows: Logfile of Trend Micro Hijack This v2.0.2Scan saved at PM, on 12/1/2007Platform: Windows XP SP1 (Win NT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\System32\C:\WINDOWS\system32\LEXBCES. EXEC:\Program Files\Trend Micro\Hijack This\Hijack R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = - URLSearch Hook: Yahoo! \Companion\Installs\cpn\O3 - Toolbar: &Radio - - C:\WINDOWS\System32\O3 - Toolbar: Yahoo! \Companion\Installs\cpn\O3 - Toolbar: &Google - - c:\program files\google\googletoolbar2O3 - Toolbar: RX Toolbar - - C:\Program Files\RXTool Bar\RXTool (file missing)O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVRID.exe"O4 - HKLM\..\Run: [Ca Av Tray] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVTray.exe"O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\Google Toolbar Notifier\Google Toolbar O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '? C:\Program Files\RXTool Bar\HTML moved successfully. C:\Program Files\RXTool Bar\graphics moved successfully. 2007-11-26 80,960 --a------ C:\WINDOWS\system32\sewalahx.dll2007-11-25 .





INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: - - DPF: (Web P2P Installer) - O16 - DPF: (CInstall Class) - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: (CWeb Launch Ctl Object) - - DPF: - - Filter hijack: text/html - - C:\Program Files\RXTool Bar\O20 - App Init_DLLs: C:\WINDOWS\System32\O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\O23 - Service: Ares Chatroom server (Ares Chat Server) - Ares Development Group - C:\Program Files\Ares Ultra\chat O23 - Service: Diskeeper - Executive Software International, Inc. What can I do as regular maintenance to stay malware-free for the future? INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: (Microsoft Data Collection Control) - https://.X/O16 - DPF: - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: - - Winlogon Notify: ! Click Spring/Yazzle C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [rkwk] C:\PROGRA~1\COMMON~1\rkwk\(User '? ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Insider] C:\Program Files\Insider\(User '? C:\Documents and Settings\All Users\Application Data.\winantispyware 2007C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Product Code C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Product Code C:\Documents and Settings\All Users\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Dante\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\Win C:\Documents and Settings\ronnie bradford\C:\Documents and Settings\ronnie bradford\Start Menu\Programs\Startup\C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Zachary\Application Data\Win Touch 


')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Art Chk] C:\WINDOWS\System32\(User '? DLLC:\Program Files\i Mesh Bar\bar\History\search C:\Program Files\inetget2C:\Program Files\inetget2\C:\Program Files\Insider C:\Program Files\Insider\C:\Program Files\Insider\Un C:\Program Files\Temporary C:\Program Files\ucleaner_C:\Program Files\Ultimate Cleaner C:\Program Files\video activex access C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\Words C:\Program Files\Words\C:\Program Files\Words\C:\Program Files\Words\C:\temp\b9C:\Temp

p=KLO8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O9 - Extra button: (no name) - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra 'Tools' menuitem: Sun Java Console - - C:\Program Files\Java\jre1.6.0_02\bin\O10 - Unknown file in Winsock LSP: c:\windows\system32\O14 - IERESET. Now to clear the orphans Download and then run Super Antispyware Thanks again for all your help. \Companion\Installs\cpn\O3 - Toolbar: &Google - - c:\program files\google\googletoolbar2O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVRID.exe"O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\Google Toolbar Notifier\Google Toolbar O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h O4 - HKCU\..\Run: [SUPERAnti Spyware] C:\Program Files\SUPERAnti Spyware\SUPERAnti O4 - Global Startup: Adobe Gamma = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O9 - Extra button: (no name) - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra 'Tools' menuitem: Sun Java Console - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra button: Messenger - - C:\Program Files\Messenger\O9 - Extra 'Tools' menuitem: Windows Messenger - - C:\Program Files\Messenger\O10 - Unknown file in Winsock LSP: c:\windows\system32\O14 - IERESET. VIR C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER. 
INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: - - DPF: (Web P2P Installer) - O16 - DPF: (CInstall Class) - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: (CWeb Launch Ctl Object) - - DPF: - - Filter hijack: text/html - - C:\Program Files\RXTool Bar\O20 - App Init_DLLs: C:\WINDOWS\System32\O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\O23 - Service: Ares Chatroom server (Ares Chat Server) - Ares Development Group - C:\Program Files\Ares Ultra\chat O23 - Service: Diskeeper - Executive Software International, Inc. What can I do as regular maintenance to stay malware-free for the future? INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: (Microsoft Data Collection Control) - https://.X/O16 - DPF: - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: - - Winlogon Notify: ! Click Spring/Yazzle C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [rkwk] C:\PROGRA~1\COMMON~1\rkwk\(User '? ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Insider] C:\Program Files\Insider\(User '? 
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Product Code C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Product Code C:\Documents and Settings\All Users\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Dante\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\Win C:\Documents and Settings\ronnie bradford\C:\Documents and Settings\ronnie bradford\Start Menu\Programs\Startup\C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Zachary\Application Data\Win Touch C:\Documents and Settings\Zachary\Application Data\Win Touch\0d8feebbf3d8533029c48f7996c2de9d C:\Documents and Settings\Zachary\Application Data\Win Touch\0ef256627ca02d774883e22b5b3478f8C:\Documents and 
Settings\Zachary\Application Data\Win Touch\1759be4245b32c372f87c9b11a3e90d0C:\Documents and Settings\Zachary\Application Data\Win Touch\3d35e5456f39db309b4d716a217a88bc C:\Documents and Settings\Zachary\Application Data\Win Touch\41b27979637e89c521b67b9a88c806dc C:\Documents and Settings\Zachary\Application Data\Win Touch\4f7461668c73628b697fa4ea5a477020C:\Documents and Settings\Zachary\Application Data\Win Touch\77b2956bbd0b4e89a65d5a2f43c356d1C:\Documents and Settings\Zachary\Application Data\Win Touch\91fbe16e6dfa824a41c1d20e0e4550bd C:\Documents and Settings\Zachary\Application Data\Win Touch\cc4d6add2c45b51baaff06662c3dd1b7C:\Documents and Settings\Zachary\Application Data\Win Touch\decff24f18524312e26478336e8fec07C:\Documents and Settings\Zachary\Application Data\Win Touch\f62bafa43ab82f6ce54b4c4b6b359bfb C:\Documents and Settings\Zachary\Application Data\Win Touch\faa31ef93cccc897dc0449516f96964e C:\Documents and Settings\Zachary\Application Data\Win Touch\C:\Documents and Settings\Zachary\Application Data\Win Touch\Win C:\Documents and Settings\Zachary\Desktop\Find Spyware C:\Documents and Settings\Zachary\Desktop\Free Online C:\Documents and Settings\Zachary\Desktop\Go to C:\Documents and Settings\Zachary\C:\Documents and Settings\Zachary\Start Menu\Programs\Startup\C:\Documents and Settings\Zachary\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Zachary\Start Menu\Programs\Startup\C:\Program Files\Common Files\Yazzle1122Oin C:\Program Files\Common Files\Yazzle1122Oin C:\Program Files\Common Files\Yazzle1281Oin C:\Program Files\Common Files\Yazzle1281Oin C:\Program Files\i Mesh Bar C:\Program Files\i Mesh Bar\bar\2.bin\IMESHBAR. C:\Program Files\Need2Find\bar\History\search scheduled to be moved on reboot. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Art Chk] C:\WINDOWS\System32\(User '? 
DLLC:\Program Files\i Mesh Bar\bar\History\search C:\Program Files\inetget2C:\Program Files\inetget2\C:\Program Files\Insider C:\Program Files\Insider\C:\Program Files\Insider\Un C:\Program Files\Temporary C:\Program Files\ucleaner_C:\Program Files\Ultimate Cleaner C:\Program Files\video activex access C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\Words C:\Program Files\Words\C:\Program Files\Words\C:\Program Files\Words\C:\temp\b9C:\Temp\1cb C:\Temp\1cb\C:\Temp\ab W9C:\Temp\ab W9\t C:\Temp\fse C:\Temp\fse\tmp C:\temp\iee C:\WINDOWS\C:\WINDOWS\b104C:\WINDOWS\b128C:\WINDOWS\C:\WINDOWS\Downloaded Program Files\ODCTOOLSC:\WINDOWS\Fonts\C:\WINDOWS\Fonts\acrsec C:\WINDOWS\Free Online C:\WINDOWS\C:\WINDOWS\NDNuninstall4_85C:\WINDOWS\NDNuninstall6_30C:\WINDOWS\C:\WINDOWS\Spyware C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\drivers\C:\WINDOWS\system32\C:\WINDOWS\system32\f02Wt RC:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\msnav32C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\o02Pr Ez C:\WINDOWS\system32\o02Pr Ez\o02Pr Ez1065C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\silc_C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\Win Av C:\WINDOWS\system32\winpfz32C:\WINDOWS\system32\C:\WINDOWS\system32\wyyay.ini2C:\WINDOWS\system32\C:\WINDOWS\system32\zxdnt3C:\WINDOWS\((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\LEGACY_FOPN-------\LEGACY_NPF-------\Api Mon((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 
))))))))))))))))))))))))))))))).2007-11-27 . C:\Program Files\Need2Find\bar\Settings moved successfully. C:\Program Files\Need2Find\bar\History moved successfully. The logs are as follows: Logfile of Trend Micro Hijack This v2.0.2Scan saved at PM, on 12/1/2007Platform: Windows XP SP1 (Win NT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\System32\C:\WINDOWS\system32\LEXBCES. EXEC:\Program Files\Trend Micro\Hijack This\Hijack R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = - URLSearch Hook: Yahoo! \Companion\Installs\cpn\O3 - Toolbar: &Radio - - C:\WINDOWS\System32\O3 - Toolbar: Yahoo! \Companion\Installs\cpn\O3 - Toolbar: &Google - - c:\program files\google\googletoolbar2O3 - Toolbar: RX Toolbar - - C:\Program Files\RXTool Bar\RXTool (file missing)O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVRID.exe"O4 - HKLM\..\Run: [Ca Av Tray] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVTray.exe"O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\Google Toolbar Notifier\Google Toolbar O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '? C:\Program Files\RXTool Bar\HTML moved successfully. C:\Program Files\RXTool Bar\graphics moved successfully. 2007-11-26 80,960 --a------ C:\WINDOWS\system32\sewalahx.dll2007-11-25 .


p=KLO8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O9 - Extra button: (no name) - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra 'Tools' menuitem: Sun Java Console - - C:\Program Files\Java\jre1.6.0_02\bin\O10 - Unknown file in Winsock LSP: c:\windows\system32\O14 - IERESET. Now to clear the orphans Download and then run Super Antispyware Thanks again for all your help. \Companion\Installs\cpn\O3 - Toolbar: &Google - - c:\program files\google\googletoolbar2O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVRID.exe"O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\Google Toolbar Notifier\Google Toolbar O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h O4 - HKCU\..\Run: [SUPERAnti Spyware] C:\Program Files\SUPERAnti Spyware\SUPERAnti O4 - Global Startup: Adobe Gamma = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\Net Transport 2\NTAdd O9 - Extra button: (no name) - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra 'Tools' menuitem: Sun Java Console - - C:\Program Files\Java\jre1.6.0_02\bin\O9 - Extra button: Messenger - - C:\Program Files\Messenger\O9 - Extra 'Tools' menuitem: Windows Messenger - - C:\Program Files\Messenger\O10 - Unknown file in Winsock LSP: c:\windows\system32\O14 - IERESET. VIR C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER. 
INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: - - DPF: (Web P2P Installer) - O16 - DPF: (CInstall Class) - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: (CWeb Launch Ctl Object) - - DPF: - - Filter hijack: text/html - - C:\Program Files\RXTool Bar\O20 - App Init_DLLs: C:\WINDOWS\System32\O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\O23 - Service: Ares Chatroom server (Ares Chat Server) - Ares Development Group - C:\Program Files\Ares Ultra\chat O23 - Service: Diskeeper - Executive Software International, Inc. What can I do as regular maintenance to stay malware-free for the future? INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: (Microsoft Data Collection Control) - https://.X/O16 - DPF: - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: - - Winlogon Notify: ! Click Spring/Yazzle C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [rkwk] C:\PROGRA~1\COMMON~1\rkwk\(User '? ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Insider] C:\Program Files\Insider\(User '? 
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Product Code C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\Win Anti Spyware 2007\Data\Product Code C:\Documents and Settings\All Users\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Dante\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Dante\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Dante\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Dante\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Debracca\Start Menu\Programs\Startup\C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007C:\Documents and Settings\ronnie bradford\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\C:\Documents and Settings\ronnie bradford\Application Data\Win Touch\Win C:\Documents and Settings\ronnie bradford\C:\Documents and Settings\ronnie bradford\Start Menu\Programs\Startup\C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007C:\Documents and Settings\Zachary\Application Data\Win Anti Spyware 2007\Logs\C:\Documents and Settings\Zachary\Application Data\Win Touch C:\Documents and Settings\Zachary\Application Data\Win Touch\0d8feebbf3d8533029c48f7996c2de9d C:\Documents and Settings\Zachary\Application Data\Win Touch\0ef256627ca02d774883e22b5b3478f8C:\Documents and 
Settings\Zachary\Application Data\Win Touch\1759be4245b32c372f87c9b11a3e90d0C:\Documents and Settings\Zachary\Application Data\Win Touch\3d35e5456f39db309b4d716a217a88bc C:\Documents and Settings\Zachary\Application Data\Win Touch\41b27979637e89c521b67b9a88c806dc C:\Documents and Settings\Zachary\Application Data\Win Touch\4f7461668c73628b697fa4ea5a477020C:\Documents and Settings\Zachary\Application Data\Win Touch\77b2956bbd0b4e89a65d5a2f43c356d1C:\Documents and Settings\Zachary\Application Data\Win Touch\91fbe16e6dfa824a41c1d20e0e4550bd C:\Documents and Settings\Zachary\Application Data\Win Touch\cc4d6add2c45b51baaff06662c3dd1b7C:\Documents and Settings\Zachary\Application Data\Win Touch\decff24f18524312e26478336e8fec07C:\Documents and Settings\Zachary\Application Data\Win Touch\f62bafa43ab82f6ce54b4c4b6b359bfb C:\Documents and Settings\Zachary\Application Data\Win Touch\faa31ef93cccc897dc0449516f96964e C:\Documents and Settings\Zachary\Application Data\Win Touch\C:\Documents and Settings\Zachary\Application Data\Win Touch\Win C:\Documents and Settings\Zachary\Desktop\Find Spyware C:\Documents and Settings\Zachary\Desktop\Free Online C:\Documents and Settings\Zachary\Desktop\Go to C:\Documents and Settings\Zachary\C:\Documents and Settings\Zachary\Start Menu\Programs\Startup\C:\Documents and Settings\Zachary\Start Menu\Programs\Startup\ta_C:\Documents and Settings\Zachary\Start Menu\Programs\Startup\C:\Program Files\Common Files\Yazzle1122Oin C:\Program Files\Common Files\Yazzle1122Oin C:\Program Files\Common Files\Yazzle1281Oin C:\Program Files\Common Files\Yazzle1281Oin C:\Program Files\i Mesh Bar C:\Program Files\i Mesh Bar\bar\2.bin\IMESHBAR. C:\Program Files\Need2Find\bar\History\search scheduled to be moved on reboot. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Art Chk] C:\WINDOWS\System32\(User '? 
DLLC:\Program Files\i Mesh Bar\bar\History\search C:\Program Files\inetget2C:\Program Files\inetget2\C:\Program Files\Insider C:\Program Files\Insider\C:\Program Files\Insider\Un C:\Program Files\Temporary C:\Program Files\ucleaner_C:\Program Files\Ultimate Cleaner C:\Program Files\video activex access C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\video activex access\C:\Program Files\Words C:\Program Files\Words\C:\Program Files\Words\C:\Program Files\Words\C:\temp\b9C:\Temp\1cb C:\Temp\1cb\C:\Temp\ab W9C:\Temp\ab W9\t C:\Temp\fse C:\Temp\fse\tmp C:\temp\iee C:\WINDOWS\C:\WINDOWS\b104C:\WINDOWS\b128C:\WINDOWS\C:\WINDOWS\Downloaded Program Files\ODCTOOLSC:\WINDOWS\Fonts\C:\WINDOWS\Fonts\acrsec C:\WINDOWS\Free Online C:\WINDOWS\C:\WINDOWS\NDNuninstall4_85C:\WINDOWS\NDNuninstall6_30C:\WINDOWS\C:\WINDOWS\Spyware C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\drivers\C:\WINDOWS\system32\C:\WINDOWS\system32\f02Wt RC:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\msnav32C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\o02Pr Ez C:\WINDOWS\system32\o02Pr Ez\o02Pr Ez1065C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\silc_C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\Win Av C:\WINDOWS\system32\winpfz32C:\WINDOWS\system32\C:\WINDOWS\system32\wyyay.ini2C:\WINDOWS\system32\C:\WINDOWS\system32\zxdnt3C:\WINDOWS\((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\LEGACY_FOPN-------\LEGACY_NPF-------\Api Mon((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 
))))))))))))))))))))))))))))))).2007-11-27 . C:\Program Files\Need2Find\bar\Settings moved successfully. C:\Program Files\Need2Find\bar\History moved successfully. The logs are as follows: Logfile of Trend Micro Hijack This v2.0.2Scan saved at PM, on 12/1/2007Platform: Windows XP SP1 (Win NT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: Normal Running processes: C:\WINDOWS\System32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\system32\C:\WINDOWS\System32\C:\WINDOWS\system32\LEXBCES. EXEC:\Program Files\Trend Micro\Hijack This\Hijack R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = - URLSearch Hook: Yahoo! \Companion\Installs\cpn\O3 - Toolbar: &Radio - - C:\WINDOWS\System32\O3 - Toolbar: Yahoo! \Companion\Installs\cpn\O3 - Toolbar: &Google - - c:\program files\google\googletoolbar2O3 - Toolbar: RX Toolbar - - C:\Program Files\RXTool Bar\RXTool (file missing)O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVRID.exe"O4 - HKLM\..\Run: [Ca Av Tray] "C:\Program Files\CA\e Trust EZ Armor\e Trust EZ Antivirus\CAVTray.exe"O4 - HKLM\..\Run: [Quick Time Task] "C:\Program Files\Quick Time\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\Google Toolbar Notifier\Google Toolbar O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '? C:\Program Files\RXTool Bar\HTML moved successfully. C:\Program Files\RXTool Bar\graphics moved successfully. 2007-11-26 80,960 --a------ C:\WINDOWS\system32\sewalahx.dll2007-11-25 .


INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: - - DPF: (Web P2P Installer) - O16 - DPF: (CInstall Class) - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: (CWeb Launch Ctl Object) - - DPF: - - Filter hijack: text/html - - C:\Program Files\RXTool Bar\O20 - App Init_DLLs: C:\WINDOWS\System32\O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\O23 - Service: Ares Chatroom server (Ares Chat Server) - Ares Development Group - C:\Program Files\Ares Ultra\chat O23 - Service: Diskeeper - Executive Software International, Inc. What can I do as regular maintenance to stay malware-free for the future? INF: START_PAGE_URL= - Trusted Zone: *.O15 - Trusted Zone: *.(HKLM)O16 - DPF: (Microsoft Data Collection Control) - https://.X/O16 - DPF: - - DPF: (PPSDKActive XScanner. 1189466167778O16 - DPF: - AX27O16 - DPF: - - Winlogon Notify: ! Click Spring/Yazzle C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.




')O4 - Startup: O4 - Startup: TA_= C:\WINDOWS\system32\O4 - Startup: = C:\WINDOWS\system32\O4 - Global Startup: O8 - Extra context menu item: &Search -

2007-11-27 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys2007-11-27 . Current Boot Mode: Normal[Processes - Non-Microsoft Only]- Old Timer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 AM | Attr = ][Win32 Services - Non-Microsoft Only](Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] - Executive Software International, Inc.

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Win AVX] C:\WINDOWS\System32\Win Av (User '? Zeno Search C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSREGT.

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h (User '?

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Uniblue Registry Booster 2] C:\Program Files\Uniblue\Registry Booster 2\Registry /S (User '? VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_30.

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Words] C:\Program Files\Words\(User '? New Dot Net C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL4_85.

')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Win AVX] C:\WINDOWS\System32\Win Av (User '? Zeno Search C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSREGT. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h (User '? ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Uniblue Registry Booster 2] C:\Program Files\Uniblue\Registry Booster 2\Registry /S (User '? VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_30. ')O4 - HKUS\S-1-5-21-3883782145-84769854-2968723906-1007\..\Run: [Words] C:\Program Files\Words\(User '? New Dot Net C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL4_85.


  1. jeanine mason dating 27-Feb-2020 13:10

    Computer chat is free advice on your computer problems.