Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack Log


  • This topic is locked This topic is locked
10 replies to this topic

#1 sweatyteddy

sweatyteddy

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 11 July 2004 - 01:53 AM

Logfile of HijackThis v1.98.0
Scan saved at 1:46:29 AM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Kazaa Lite K++\Kazaa.kpp
C:\Program Files\Washer\washer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\UltimateBuddy\UltimateBuddy.exe
C:\Program Files\Quark\QuarkXPress\QuarkXPress.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\SYSTEM32\MSPAINT.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OWENMO~1\LOCALS~1\Temp\Rar$EX00.977\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://localhost;<local>
O2 - BHO: (no name) - {07900326-1DE2-DFD4-67F8-550D4EA09FD2} - C:\WINDOWS\System32\heuifvic.dll
O2 - BHO: (no name) - {6A5F1215-9809-A5AE-CCF1-BAE1AE6C3D0D} - C:\WINDOWS\System32\zanxepze.dll
O2 - BHO: (no name) - {9685178C-20DF-614C-F746-CA7A5CB7EE3F} - C:\WINDOWS\System32\qnjwsamp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\Kazaa.kpp" /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [wqkgfnbz] C:\WINDOWS\jusvvtzy.exe
O4 - HKLM\..\Run: [DWAYMXITA] C:\WINDOWS\DWAYMXITA.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe
O4 - HKLM\..\Run: [DGJMQ] C:\WINDOWS\DGJMQ.exe
O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [<title>the domain beneditutti.com is under construction</ti] c:\WINDOWS\System32\<title>the domain beneditutti.com is under construction</title>
O4 - HKLM\..\Run: [<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.c] c:\WINDOWS\System32\<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.com">
O4 - HKLM\..\Run: [<meta name="keywords" content="beneditutti.c] c:\WINDOWS\System32\<meta name="keywords" content="beneditutti.com">
O4 - HKLM\..\Run: [<meta http-equiv="imagetoolbar" CONTENT="] c:\WINDOWS\System32\<meta http-equiv="imagetoolbar" CONTENT="no">
O4 - HKLM\..\Run: [<meta name="resource-type" content="docume] c:\WINDOWS\System32\<meta name="resource-type" content="document">
O4 - HKLM\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKLM\..\Run: [<meta name="classification" content="Intern] c:\WINDOWS\System32\<meta name="classification" content="Internet">
O4 - HKLM\..\Run: [<meta name="robots" content="A] c:\WINDOWS\System32\<meta name="robots" content="ALL">
O4 - HKLM\..\Run: [<meta name="distribution" content="Glob] c:\WINDOWS\System32\<meta name="distribution" content="Global">
O4 - HKLM\..\Run: [<meta name="rating" content="A] c:\WINDOWS\System32\<meta name="rating" content="All">
O4 - HKLM\..\Run: [<meta name="doc-class" content="Complet] c:\WINDOWS\System32\<meta name="doc-class" content="Completed">
O4 - HKLM\..\Run: [<meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/c] c:\WINDOWS\System32\<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/css">
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKLM\..\Run: [<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#000] c:\WINDOWS\System32\<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#0000ff>
O4 - HKLM\..\Run: [<table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\<table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a><] c:\WINDOWS\System32\ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a></td>
O4 - HKLM\..\Run: [ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.<] c:\WINDOWS\System32\ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.</td>
O4 - HKLM\..\Run: [ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"><] c:\WINDOWS\System32\ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"></td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"><] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"></td>
O4 - HKLM\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> <] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> </td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"></td>
O4 - HKLM\..\Run: [</ta] c:\WINDOWS\System32\</table>
O4 - HKLM\..\Run: [<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EB] c:\WINDOWS\System32\<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EBF0">
O4 - HKLM\..\Run: [ <form method=get action="http://parked.directnic.com/result.p] c:\WINDOWS\System32\ <form method=get action="http://parked.directnic.com/result.php">
O4 - HKLM\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKLM\..\Run: [ <input type="hidden" name="search" value=] c:\WINDOWS\System32\ <input type="hidden" name="search" value="Y">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfie] c:\WINDOWS\System32\ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfield">
O4 - HKLM\..\Run: [ <input type="submit" name="Submit" value="Search" class="subm] c:\WINDOWS\System32\ <input type="submit" name="Submit" value="Search" class="submit">
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ </f] c:\WINDOWS\System32\ </form>
O4 - HKLM\..\Run: [ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Sear] c:\WINDOWS\System32\ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Searches
O4 - HKLM\..\Run: [ by Category<] c:\WINDOWS\System32\ by Category</td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10></td>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td valign="top" width="3] c:\WINDOWS\System32\ <td valign="top" width="33%">
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a><] c:\WINDOWS\System32\ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a></td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td valign=top class=linkl] c:\WINDOWS\System32\ <td valign=top class=linklist>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br></td>
O4 - HKLM\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKLM\..\Run: [ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a><] c:\WINDOWS\System32\ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br></td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKLM\..\Run: [ <td valign="t] c:\WINDOWS\System32\ <td valign="top">
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a><] c:\WINDOWS\System32\ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br></td>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <td> <] c:\WINDOWS\System32\ <td> </td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a><] c:\WINDOWS\System32\ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a><br>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a><] c:\WINDOWS\System32\ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br></td>
O4 - HKLM\..\Run: [ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a><] c:\WINDOWS\System32\ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br></td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a><] c:\WINDOWS\System32\ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br></td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a><] c:\WINDOWS\System32\ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br></td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a><] c:\WINDOWS\System32\ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br></td>
O4 - HKLM\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKLM\..\Run: [ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=] c:\WINDOWS\System32\ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=174>
O4 - HKLM\..\Run: [ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories<] c:\WINDOWS\System32\ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories</td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174><] c:\WINDOWS\System32\ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A></td>
O4 - HKLM\..\Run: [<!-- Tracking] c:\WINDOWS\System32\<!-- Tracking -->
O4 - HKLM\..\Run: [<script language="Javascri] c:\WINDOWS\System32\<script language="Javascript">
O4 - HKLM\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKLM\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKLM\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKLM\..\Run: [if (location.hos] c:\WINDOWS\System32\if (location.host) {
O4 - HKLM\..\Run: [ var domain_name = '&d=' + location.h] c:\WINDOWS\System32\ var domain_name = '&d=' + location.host;
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [ var domain_name = '&d=unkno] c:\WINDOWS\System32\ var domain_name = '&d=unknown';
O4 - HKLM\..\Run: [if (document.referre] c:\WINDOWS\System32\if (document.referrer) {
O4 - HKLM\..\Run: [ var referrer_website = '&r=' + document.refer] c:\WINDOWS\System32\ var referrer_website = '&r=' + document.referrer;
O4 - HKLM\..\Run: [ var referrer_website = '&r=unkno] c:\WINDOWS\System32\ var referrer_website = '&r=unknown';
O4 - HKLM\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKLM\..\Run: [ var browser_name = '&b=' + escape(navigator.appNa] c:\WINDOWS\System32\ var browser_name = '&b=' + escape(navigator.appName);
O4 - HKLM\..\Run: [ var browser_name = '&b=unkno] c:\WINDOWS\System32\ var browser_name = '&b=unknown';
O4 - HKLM\..\Run: [if (navigator.userAgen] c:\WINDOWS\System32\if (navigator.userAgent) {
O4 - HKLM\..\Run: [ var full_browser_info = '&fbi=' + escape(navigator.userAge] c:\WINDOWS\System32\ var full_browser_info = '&fbi=' + escape(navigator.userAgent);
O4 - HKLM\..\Run: [ var full_browser_info = '&fbi=unkno] c:\WINDOWS\System32\ var full_browser_info = '&fbi=unknown';
O4 - HKLM\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKLM\..\Run: [ var app_version = '&aV=' + escape(navigator.appVersi] c:\WINDOWS\System32\ var app_version = '&aV=' + escape(navigator.appVersion);
O4 - HKLM\..\Run: [ var app_version = '&aV=unkno] c:\WINDOWS\System32\ var app_version = '&aV=unknown';
O4 - HKLM\..\Run: [if (navigator.javaEnabled(] c:\WINDOWS\System32\if (navigator.javaEnabled()) {
O4 - HKLM\..\Run: [ var java_enabled = '&jE=' + navigator.javaEnable] c:\WINDOWS\System32\ var java_enabled = '&jE=' + navigator.javaEnabled();
O4 - HKLM\..\Run: [ var java_enabled = '&jE=unkno] c:\WINDOWS\System32\ var java_enabled = '&jE=unknown';
O4 - HKLM\..\Run: [if (screen.widt] c:\WINDOWS\System32\if (screen.width) {
O4 - HKLM\..\Run: [dvsmpaff] C:\WINDOWS\System32\dvsmpaff.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Owen Morris"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKCU\..\Run: [<title>the domain beneditutti.com is under construction</ti] c:\WINDOWS\System32\<title>the domain beneditutti.com is under construction</title>
O4 - HKCU\..\Run: [<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.c] c:\WINDOWS\System32\<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.com">
O4 - HKCU\..\Run: [<meta name="keywords" content="beneditutti.c] c:\WINDOWS\System32\<meta name="keywords" content="beneditutti.com">
O4 - HKCU\..\Run: [<meta http-equiv="imagetoolbar" CONTENT="] c:\WINDOWS\System32\<meta http-equiv="imagetoolbar" CONTENT="no">
O4 - HKCU\..\Run: [<meta name="resource-type" content="docume] c:\WINDOWS\System32\<meta name="resource-type" content="document">
O4 - HKCU\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKCU\..\Run: [<meta name="classification" content="Intern] c:\WINDOWS\System32\<meta name="classification" content="Internet">
O4 - HKCU\..\Run: [<meta name="robots" content="A] c:\WINDOWS\System32\<meta name="robots" content="ALL">
O4 - HKCU\..\Run: [<meta name="distribution" content=&quo

BC AdBot (Login to Remove)

 


#2 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 11 July 2004 - 08:56 AM

Lets do a little clean up so your log is a little more managable.

Please download and clean your computer with this free program called Adaware.

Download Adaware (get the free edition)
http://www.lavasoft.de/software/adaware/
(choose download from the lefthand menu)

Be sure to UPDATE BEFORE SCANNING FIRST!! That is a very important step and I have included easy directions.

After download and installing first, please update the program. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish* .This will return you to the main screen.

Next, go to Settings (the gear icon at the top) and then *Scanning* and checkmark these items so they will be green:

Scan within archives
Scan my IE Favorites for banned URLS
Scan my hosts file

Then click *proceed* to save settings.

Click on *Tweak* next. And checkmark to make this green also:

Automatically try to unregister objects prior to deletion

Click on *proceed*

Next, from the main screen, click on *Start* (lower righthand corner) and put a dot in the box next to *use Custom scanning options*, then click *Next* to start your scan.


After the scan is complete, click the "Next" button. Checkmark any items found after scanning to remove (this will actually put them in quarantine and can recover from backup if any should not be removed). A quick way is to Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

Reboot your PC after cleaning with Adaware and scan again. Repeat the process until no further items are found as bad.

next, scan for Viruses and Common Trojans online and free at one (preferably two) of these sites.

Panda's Active Scan
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro (PC-Chillin) - Free on-line Scan
http://housecall.antivirus.com

RAV Antivirus Online Scan
http://www.ravantivirus.com/scan/

eTrust AV web scanner (Computer Associates)
http://www3.ca.com/virusinfo/virusscan.aspx

Please reboot after each scan. Also, please note what is found by the scans and if the items were cleaned of not. Please post the results of the scans along with a new HijackThis log.

Edited by ColdinCbus, 11 July 2004 - 08:56 AM.


#3 sweatyteddy

sweatyteddy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 11 July 2004 - 04:39 PM

OK, here we go.

I ran the LavaSoft program three times before it came up showing no more spyware. Here's those logs.
First One

----

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Sunday, July 11, 2004 2:21:32 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R331 08.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


7-11-2004 2:21:32 PM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 7-10-2004 5:57:02 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:57:05 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:57:05 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:57:06 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:57:06 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:51 PM
Last modified : 8/29/2002 10:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:57:07 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-10-2004 5:57:07 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-10-2004 5:57:08 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-10-2004 5:57:08 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:57:08 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:11 [alg.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-10-2004 5:57:09 PM
BasePriority : Normal
FileSize : 41 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
OriginalFilename : ALG.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:49 PM
Last modified : 8/29/2002 10:00:00 AM

#:12 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 5:57:09 PM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:50 PM
Last modified : 8/29/2002 10:00:00 AM

#:13 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-10-2004 5:57:10 PM
BasePriority : Normal
FileSize : 92 KB
FileVersion : 4, 4, 0, 10
ProductVersion : 4, 4, 0, 0
Copyright : Copyright
CompanyName : Mcafee.com Corporation
FileDescription : McAfee.com VirusScan Online Realtime Engine
InternalName : mcvsrte
OriginalFilename : mcvsrte.exe
ProductName : McAfee.com VirusScan Online
Created on : 7/31/2003 8:06:34 PM
Last accessed : 7/11/2004 7:17:48 PM
Last modified : 10/4/2002 8:09:20 PM

#:14 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-10-2004 5:57:12 PM
BasePriority : High
FileSize : 220 KB
Created on : 7/31/2003 8:06:31 PM
Last accessed : 7/11/2004 7:17:48 PM
Last modified : 9/8/2001 11:00:00 AM

#:15 [wbload.exe]
FilePath : C:\Program Files\Stardock\Object Desktop\WindowBlinds\
ThreadCreationTime : 7-10-2004 5:57:36 PM
BasePriority : Normal
FileSize : 430 KB
FileVersion : 4.02
ProductVersion : 4.0
Copyright : Copyright
CompanyName : Stardock Systems, Inc
FileDescription : WindowBlinds
InternalName : WindowBlinds
OriginalFilename : WindowBlinds
ProductName : WindowBlinds - http://www.windowblinds.net
Created on : 3/3/2004 6:45:53 AM
Last accessed : 7/11/2004 7:17:49 PM
Last modified : 4/7/2003 11:50:00 PM

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-10-2004 5:57:39 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:49 PM
Last modified : 8/29/2002 10:00:00 AM

#:17 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-10-2004 5:57:43 PM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2039
ProductVersion : 7,0,0,2039
Copyright : Copyright 1999-2002, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 1/1/1980 5:00:00 AM
Last accessed : 7/11/2004 7:17:51 PM
Last modified : 1/24/2003 1:05:06 PM

#:18 [carpserv.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-10-2004 5:57:43 PM
BasePriority : Normal
FileSize : 4 KB
FileVersion : 6.00.09.00
ProductVersion : 6.00.09.00
Copyright : Copyright
CompanyName : Conexant Systems, Inc.
FileDescription : carpserv
InternalName : carpserv
OriginalFilename : carpserv.exe
ProductName : Conexant carpserv
Created on : 1/1/1980 5:00:00 AM
Last accessed : 7/11/2004 7:17:50 PM
Last modified : 1/23/2003 8:06:04 PM

#:19 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 7-10-2004 5:57:43 PM
BasePriority : Normal
FileSize : 108 KB
FileVersion : 7.5.7 02May03
ProductVersion : 7.5.7 02May03
Copyright : Copyright © Synaptics, Inc. 1996-2003
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
OriginalFilename : SynTPLpr.exe
ProductName : Progressive Touch
Created on : 7/31/2003 7:56:44 PM
Last accessed : 7/11/2004 7:17:49 PM
Last modified : 5/2/2003 10:21:48 PM

#:20 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 7-10-2004 5:57:44 PM
BasePriority : Normal
FileSize : 596 KB
FileVersion : 7.5.7 02May03
ProductVersion : 7.5.7 02May03
Copyright : Copyright © Synaptics, Inc. 1996-2003
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
OriginalFilename : SynTPEnh.exe
ProductName : Progressive Touch
Created on : 7/31/2003 7:56:44 PM
Last accessed : 7/11/2004 7:17:49 PM
Last modified : 5/2/2003 10:15:44 PM

#:21 [dadapp.exe]
FilePath : C:\Program Files\Dell\AccessDirect\
ThreadCreationTime : 7-10-2004 5:57:44 PM
BasePriority : Normal
FileSize : 203 KB
Created on : 7/31/2003 7:59:55 PM
Last accessed : 7/11/2004 7:17:47 PM
Last modified : 11/1/2002 9:47:36 PM

#:22 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-10-2004 5:57:44 PM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
Copyright : Copyright
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
OriginalFilename : DSentry.exe
ProductName : Dell - DVDSentry
Created on : 7/17/2002 3:18:06 PM
Last accessed : 7/11/2004 7:17:50 PM
Last modified : 7/17/2002 3:18:06 PM

#:23 [mcagent.exe]
FilePath : C:\Program Files\McAfee.com\Agent\
ThreadCreationTime : 7-10-2004 5:57:44 PM
BasePriority : Normal
FileSize : 188 KB
FileVersion : 4, 0, 0, 26
ProductVersion : 4, 1, 0, 0
Copyright : Copyright
CompanyName : McAfee.com Corporation
FileDescription : McAfee.com SecurityCenter Agent
InternalName : mcagent
OriginalFilename : mcagent.exe
ProductName : McAfee.com SecurityCenter
Created on : 7/31/2003 8:06:21 PM
Last accessed : 7/11/2004 7:17:48 PM
Last modified : 9/6/2002 11:15:48 PM

#:24 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-10-2004 5:57:45 PM
BasePriority : Normal
FileSize : 136 KB
FileVersion : 4, 4, 0, 10
ProductVersion : 4, 4, 0, 0
Copyright : Copyright
CompanyName : Mcafee.com Corporation
FileDescription : McAfee.com ActiveShield
InternalName : msvcshld
OriginalFilename : mcvsshld.exe
ProductName : McAfee.com VirusScan Online
Created on : 7/31/2003 8:06:34 PM
Last accessed : 7/11/2004 7:17:48 PM
Last modified : 10/4/2002 8:09:40 PM

#:25 [dadtray.exe]
FilePath : C:\Program Files\Dell\AccessDirect\
ThreadCreationTime : 7-10-2004 5:57:45 PM
BasePriority : Normal
FileSize : 184 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 1999-2002
FileDescription : DadTray MFC Application
InternalName : DadTray
OriginalFilename : DadTray.EXE
ProductName : DadTray Application
Created on : 7/31/2003 7:59:55 PM
Last accessed : 7/11/2004 7:17:47 PM
Last modified : 11/18/2002 3:11:10 PM

#:26 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 7-10-2004 5:57:46 PM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
Copyright : TODO: © <Company name>. All rights reserved.
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
OriginalFilename : mmtask.exe
ProductName : TODO: <Product name>
Created on : 3/15/2004 5:47:26 AM
Last accessed : 7/11/2004 7:17:48 PM
Last modified : 1/26/2004 4:46:48 PM

#:27 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ThreadCreationTime : 7-10-2004 5:59:07 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
OriginalFilename : TestLine.exe
ProductName : BVRP Software TestLine
Created on : 7/31/2003 8:00:04 PM
Last accessed : 7/11/2004 7:17:47 PM
Last modified : 9/12/2002 2:28:14 PM

#:28 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 6:04:32 PM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:50 PM
Last modified : 8/29/2002 10:00:00 AM

#:29 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-10-2004 6:04:36 PM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:50 PM
Last modified : 8/29/2002 10:00:00 AM

#:30 [dvdregionfree.exe]
FilePath : C:\PROGRA~1\DVDREG~1\
ThreadCreationTime : 7-10-2004 11:42:35 PM
BasePriority : Normal
FileSize : 153 KB
FileVersion : 3, 2, 5, 8
ProductVersion : 3, 2, 5, 8
Copyright : Copyright © 2001-2003 Fengtao Software
CompanyName : Fengtao Software
FileDescription : DVD Region-Free Application
InternalName : DVDRegionFree
OriginalFilename : DVDRegionFree.EXE
ProductName : DVD Region-Free - Watch and copy CSS encrypted DVDs from any region!
Created on : 12/21/2003 3:58:08 AM
Last accessed : 7/11/2004 7:17:48 PM
Last modified : 12/21/2003 3:58:08 AM

#:31 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ThreadCreationTime : 7-11-2004 7:20:39 AM
BasePriority : Normal
FileSize : 3134 KB
FileVersion : 3.0.0.118
ProductVersion : 3.0i
Copyright : Copyright © 2001-2004 Webroot Software, Inc.
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
ProductName : Spy Sweeper
Created on : 6/28/2004 10:16:04 PM
Last accessed : 7/11/2004 7:17:14 PM
Last modified : 6/28/2004 10:16:04 PM

#:32 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 7-11-2004 5:57:50 PM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 7/31/2003 8:06:56 PM
Last accessed : 7/11/2004 7:17:47 PM
Last modified : 7/31/2003 8:06:56 PM

#:33 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 7-11-2004 7:17:16 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:22 PM
Last modified : 8/29/2002 10:00:00 AM

#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 7-11-2004 7:18:58 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12/12/2003 4:09:21 PM
Last accessed : 7/11/2004 7:18:56 PM
Last modified : 7/13/2003 4:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

WinFavorites Object recognized!
Type : File
Data : secret guide to free xxx passwords!.url
Object : C:\Documents and Settings\Owen Morris\Application Data\Microsoft\Internet Explorer\Quick Launch\

Created on : 12/12/2003 12:47:06 AM
Last accessed : 7/11/2004 7:24:52 PM
Last modified : 12/12/2003 12:47:06 AM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@247realmedia[2].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/2/2004 12:31:11 AM
Last accessed : 7/11/2004 7:24:55 PM
Last modified : 7/7/2004 12:10:08 AM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@7search[2].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/10/2004 6:10:18 PM
Last accessed : 7/11/2004 7:24:55 PM
Last modified : 7/10/2004 6:10:18 PM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@cgi-bin[1].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/10/2004 6:10:28 PM
Last accessed : 7/11/2004 7:24:56 PM
Last modified : 7/10/2004 6:10:28 PM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@cgi-bin[3].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/10/2004 9:49:04 PM
Last accessed : 7/11/2004 7:24:56 PM
Last modified : 7/10/2004 9:49:04 PM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@pacificpoker[1].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/10/2004 6:10:18 PM
Last accessed : 7/11/2004 7:24:57 PM
Last modified : 7/10/2004 6:10:18 PM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@statcounter[1].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/2/2004 2:22:55 AM
Last accessed : 7/11/2004 7:24:57 PM
Last modified : 7/2/2004 2:22:55 AM



IELoader Object recognized!
Type : File
Data : a0011133.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP277\
FileSize : 8 KB
Created on : 3/30/2004 12:38:10 AM
Last accessed : 7/11/2004 7:35:17 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : a0011174.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP279\
FileSize : 8 KB
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:35:19 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : a0011175.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP279\
FileSize : 8 KB
Created on : 3/30/2004 12:38:10 AM
Last accessed : 7/11/2004 7:35:20 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : a0011213.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\
FileSize : 8 KB
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:35:21 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : a0011235.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281\
FileSize : 8 KB
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:35:23 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : a0011274.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP283\
FileSize : 8 KB
Created on : 3/30/2004 12:38:10 AM
Last accessed : 7/11/2004 7:35:26 PM
Last modified : 8/29/2002 10:00:00 AM



WinFavorites Object recognized!
Type : File
Data : a0014797.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP326\
FileSize : 72 KB
FileVersion : 1.01.0002
ProductVersion : 1.01.0002
InternalName : WinFavorites
OriginalFilename : WinFavorites.exe
ProductName : Win Favorites
Created on : 12/12/2003 12:46:31 AM
Last accessed : 7/11/2004 7:36:07 PM
Last modified : 12/12/2003 2:38:49 PM



VX2 Object recognized!
Type : File
Data : a0014799.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP326\
FileSize : 132 KB
Created on : 12/12/2003 12:46:32 AM
Last accessed : 7/11/2004 7:36:07 PM
Last modified : 12/12/2003 2:38:50 PM



VX2 Object recognized!
Type : File
Data : a0014800.dll
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP326\
FileSize : 148 KB
FileVersion : 0, 0, 4, 19
ProductVersion : 0, 0, 4, 19
Copyright : Copyright
CompanyName : Better Internet, Inc.
FileDescription : www.abetterinternet.com
InternalName : Win32 Bi Application
OriginalFilename : BI.DLL
ProductName : Win32 BI Application
Created on : 12/12/2003 2:39:01 PM
Last accessed : 7/11/2004 7:36:07 PM
Last modified : 9/16/2003 6:05:40 PM



VX2 Object recognized!
Type : File
Data : a0014801.dll
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP326\
FileSize : 148 KB
FileVersion : 0, 0, 4, 19
ProductVersion : 0, 0, 4, 19
Copyright : Copyright
CompanyName : Better Internet, Inc.
FileDescription : www.abetterinternet.com
InternalName : Win32 Bi Application
OriginalFilename : BI.DLL
ProductName : Win32 BI Application
Created on : 12/12/2003 12:46:35 AM
Last accessed : 7/11/2004 7:36:08 PM
Last modified : 9/16/2003 6:05:40 PM



DyFuCA Object recognized!
Type : File
Data : a0014803.dll
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP326\
FileSize : 92 KB
FileVersion : 2, 2, 0, 0
ProductVersion : 2.2.0.0
Copyright : Copyright 2003
FileDescription : SafeSurfing Module
InternalName : SafeSurfing
OriginalFilename : ssurf022.dll
ProductName : SafeSurfing 2.2
Created on : 12/12/2003 12:46:26 AM
Last accessed : 7/11/2004 7:36:08 PM
Last modified : 12/12/2003 12:46:31 AM



IELoader Object recognized!
Type : File
Data : aaa.exe
Object : C:\WINDOWS\SYSTEM32\
FileSize : 9 KB
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:39:29 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : py.exe
Object : C:\WINDOWS\SYSTEM32\
FileSize : 8 KB
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:40:24 PM
Last modified : 8/29/2002 10:00:00 AM



UpdateLoader Malware Object recognized!
Type : File
Data : randomiser.exe
Object : C:\WINDOWS\SYSTEM32\
FileSize : 7 KB
Created on : 12/12/2003 12:46:00 AM
Last accessed : 7/11/2004 7:40:26 PM
Last modified : 12/12/2003 12:47:56 AM



BuddyPictures Object recognized!
Type : File
Data : av.001
Object : C:\WINDOWS\
FileSize : 19 KB
Created on : 12/12/2003 12:48:21 AM
Last accessed : 7/11/2004 7:40:54 PM
Last modified : 12/12/2003 12:48:21 AM



IELoader Object recognized!
Type : File
Data : bbb.exe
Object : C:\WINDOWS\
FileSize : 9 KB
Created on : 12/12/2003 12:46:26 AM
Last accessed : 7/11/2004 7:40:54 PM
Last modified : 12/12/2003 2:38:48 PM



DownloadPlus Object recognized!
Type : File
Data : msgcenter_lminv1.exe
Object : C:\WINDOWS\
FileSize : 166 KB
FileVersion : 1.0.6
ProductVersion : 1.0.6
Copyright : © Porn Kings. All rights reserved.
CompanyName : Porn Kings
FileDescription : DownloadPlus
InternalName : DownloadPlus.exe
OriginalFilename : DownloadPlus.exe
ProductName : DownloadPlus
Created on : 12/12/2003 12:46:14 AM
Last accessed : 7/11/2004 7:40:55 PM
Last modified : 12/12/2003 2:38:47 PM



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 24


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
2 entries scanned.
New objects :0
Objects found so far: 24




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

WinFavorites Object recognized!
Type : File
Data : url.txt
Object : c:\

Created on : 12/12/2003 12:46:41 AM
Last accessed : 7/11/2004 7:40:58 PM
Last modified : 12/12/2003 2:38:56 PM



IELoader Object recognized!
Type : File
Data : mslib.dat
Object : c:\windows\system32\

Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:40:58 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : mslink32.dat
Object : c:\windows\system32\
FileSize : 172 KB
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:40:58 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : mspr.dat
Object : c:\windows\system32\

Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:40:58 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : mstbl.ocx
Object : c:\windows\system32\

Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:40:58 PM
Last modified : 8/29/2002 10:00:00 AM



DyFuCA Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}


DyFuCA Object recognized!
Type : File
Data : internet.lnk
Object : c:\documents and settings\owen morris\desktop\

Created on : 11/24/2003 3:33:54 PM
Last accessed : 7/11/2004 7:17:16 PM
Last modified : 11/24/2003 3:33:54 PM



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 7
Objects found so far: 31


2:41:58 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:20:25:492
Objects scanned :157701
Objects identified :31
Objects ignored :0
New objects :31

Edited by sweatyteddy, 11 July 2004 - 05:17 PM.


#4 sweatyteddy

sweatyteddy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 11 July 2004 - 05:18 PM

second log

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Sunday, July 11, 2004 2:49:26 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R331 08.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


7-11-2004 2:49:26 PM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 7-11-2004 7:46:03 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 7-11-2004 7:46:08 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 7-11-2004 7:46:09 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-11-2004 7:46:09 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-11-2004 7:46:09 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:51 PM
Last modified : 8/29/2002 10:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-11-2004 7:46:10 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-11-2004 7:46:10 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-11-2004 7:46:11 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-11-2004 7:46:11 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-11-2004 7:46:12 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:52 PM
Last modified : 8/29/2002 10:00:00 AM

#:11 [alg.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-11-2004 7:46:12 PM
BasePriority : Normal
FileSize : 41 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
OriginalFilename : ALG.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:49 PM
Last modified : 8/29/2002 10:00:00 AM

#:12 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-11-2004 7:46:12 PM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:17:50 PM
Last modified : 8/29/2002 10:00:00 AM

#:13 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-11-2004 7:46:12 PM
BasePriority : Normal
FileSize : 92 KB
FileVersion : 4, 4, 0, 10
ProductVersion : 4, 4, 0, 0
Copyright : Copyright
CompanyName : Mcafee.com Corporation
FileDescription : McAfee.com VirusScan Online Realtime Engine
InternalName : mcvsrte
OriginalFilename : mcvsrte.exe
ProductName : McAfee.com VirusScan Online
Created on : 7/31/2003 8:06:34 PM
Last accessed : 7/11/2004 7:17:48 PM
Last modified : 10/4/2002 8:09:20 PM

#:14 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-11-2004 7:46:16 PM
BasePriority : High
FileSize : 220 KB
Created on : 7/31/2003 8:06:31 PM
Last accessed : 7/11/2004 7:17:48 PM
Last modified : 9/8/2001 11:00:00 AM

#:15 [wbload.exe]
FilePath : C:\Program Files\Stardock\Object Desktop\WindowBlinds\
ThreadCreationTime : 7-11-2004 7:46:20 PM
BasePriority : Normal
FileSize : 430 KB
FileVersion : 4.02
ProductVersion : 4.0
Copyright : Copyright
CompanyName : Stardock Systems, Inc
FileDescription : WindowBlinds
InternalName : WindowBlinds
OriginalFilename : WindowBlinds
ProductName : WindowBlinds - http://www.windowblinds.net
Created on : 3/3/2004 6:45:53 AM
Last accessed : 7/11/2004 7:46:45 PM
Last modified : 4/7/2003 11:50:00 PM

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-11-2004 7:46:24 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:46:38 PM
Last modified : 8/29/2002 10:00:00 AM

#:17 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2039
ProductVersion : 7,0,0,2039
Copyright : Copyright 1999-2002, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 1/1/1980 5:00:00 AM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 1/24/2003 1:05:06 PM

#:18 [carpserv.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 4 KB
FileVersion : 6.00.09.00
ProductVersion : 6.00.09.00
Copyright : Copyright
CompanyName : Conexant Systems, Inc.
FileDescription : carpserv
InternalName : carpserv
OriginalFilename : carpserv.exe
ProductName : Conexant carpserv
Created on : 1/1/1980 5:00:00 AM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 1/23/2003 8:06:04 PM

#:19 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 108 KB
FileVersion : 7.5.7 02May03
ProductVersion : 7.5.7 02May03
Copyright : Copyright © Synaptics, Inc. 1996-2003
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
OriginalFilename : SynTPLpr.exe
ProductName : Progressive Touch
Created on : 7/31/2003 7:56:44 PM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 5/2/2003 10:21:48 PM

#:20 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 596 KB
FileVersion : 7.5.7 02May03
ProductVersion : 7.5.7 02May03
Copyright : Copyright © Synaptics, Inc. 1996-2003
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
OriginalFilename : SynTPEnh.exe
ProductName : Progressive Touch
Created on : 7/31/2003 7:56:44 PM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 5/2/2003 10:15:44 PM

#:21 [dadapp.exe]
FilePath : C:\Program Files\Dell\AccessDirect\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 203 KB
Created on : 7/31/2003 7:59:55 PM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 11/1/2002 9:47:36 PM

#:22 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
Copyright : Copyright
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
OriginalFilename : DSentry.exe
ProductName : Dell - DVDSentry
Created on : 7/17/2002 3:18:06 PM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 7/17/2002 3:18:06 PM

#:23 [mcagent.exe]
FilePath : C:\Program Files\McAfee.com\Agent\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 188 KB
FileVersion : 4, 0, 0, 26
ProductVersion : 4, 1, 0, 0
Copyright : Copyright
CompanyName : McAfee.com Corporation
FileDescription : McAfee.com SecurityCenter Agent
InternalName : mcagent
OriginalFilename : mcagent.exe
ProductName : McAfee.com SecurityCenter
Created on : 7/31/2003 8:06:21 PM
Last accessed : 7/11/2004 7:46:44 PM
Last modified : 9/6/2002 11:15:48 PM

#:24 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 7/31/2003 8:06:56 PM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 7/31/2003 8:06:56 PM

#:25 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 136 KB
FileVersion : 4, 4, 0, 10
ProductVersion : 4, 4, 0, 0
Copyright : Copyright
CompanyName : Mcafee.com Corporation
FileDescription : McAfee.com ActiveShield
InternalName : msvcshld
OriginalFilename : mcvsshld.exe
ProductName : McAfee.com VirusScan Online
Created on : 7/31/2003 8:06:34 PM
Last accessed : 7/11/2004 7:46:44 PM
Last modified : 10/4/2002 8:09:40 PM

#:26 [support.exe]
FilePath : C:\Program Files\Common Files\Dell\EUSW\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 288 KB
FileVersion : 2, 0, 0, 34
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Dell
FileDescription : Support
InternalName : Support
OriginalFilename : Support.exe
ProductName : Dell Support
Created on : 4/28/2003 10:05:04 PM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 9/19/2003 7:46:26 PM

#:27 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.3
ProductVersion : QuickTime 6.3
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 8/18/2003 5:07:00 AM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 8/18/2003 5:07:00 AM

#:28 [fs20.exe]
FilePath : C:\Program Files\Free Surfer\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 704 KB
FileVersion : 2.01.0026
ProductVersion : 2.01.0026
Copyright : EMS-Project, E.Muhonen 2002 ©
CompanyName : EMS-Project 2002 ©
InternalName : fs20
OriginalFilename : fs20.exe
ProductName : Free Surfer mk II
Created on : 9/19/2002 1:25:30 AM
Last accessed : 7/11/2004 7:46:47 PM
Last modified : 9/19/2002 1:25:30 AM

#:29 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 7-11-2004 7:46:27 PM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
Copyright : TODO: © <Company name>. All rights reserved.
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
OriginalFilename : mmtask.exe
ProductName : TODO: <Product name>
Created on : 3/15/2004 5:47:26 AM
Last accessed : 7/11/2004 7:46:27 PM
Last modified : 1/26/2004 4:46:48 PM

#:30 [dadtray.exe]
FilePath : C:\Program Files\Dell\AccessDirect\
ThreadCreationTime : 7-11-2004 7:46:29 PM
BasePriority : Normal
FileSize : 184 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 1999-2002
FileDescription : DadTray MFC Application
InternalName : DadTray
OriginalFilename : DadTray.EXE
ProductName : DadTray Application
Created on : 7/31/2003 7:59:55 PM
Last accessed : 7/11/2004 7:17:47 PM
Last modified : 11/18/2002 3:11:10 PM

#:31 [kazaa.kpp]
FilePath : C:\Program Files\Kazaa Lite K++\
ThreadCreationTime : 7-11-2004 7:46:33 PM
BasePriority : Normal
FileSize : 2182 KB
Created on : 7/16/2003 11:19:52 PM
Last accessed : 7/11/2004 7:46:03 PM
Last modified : 7/16/2003 11:19:52 PM

#:32 [washer.exe]
FilePath : C:\Program Files\Washer\
ThreadCreationTime : 7-11-2004 7:47:39 PM
BasePriority : Normal
FileSize : 2636 KB
FileVersion : 4.5.1.8
ProductVersion : 4.5
Copyright : Copyright 1998-2002 Webroot Software, Inc.
CompanyName : Webroot Software, Inc.
FileDescription : Window Washer
ProductName : Window Washer
Created on : 10/27/2003 8:27:42 PM
Last accessed : 7/11/2004 7:46:40 PM
Last modified : 10/27/2003 8:28:51 PM

#:33 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ThreadCreationTime : 7-11-2004 7:47:42 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
OriginalFilename : TestLine.exe
ProductName : BVRP Software TestLine
Created on : 7/31/2003 8:00:04 PM
Last accessed : 7/11/2004 7:47:42 PM
Last modified : 9/12/2002 2:28:14 PM

#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 7-11-2004 7:49:04 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12/12/2003 4:09:21 PM
Last accessed : 7/11/2004 7:49:04 PM
Last modified : 7/13/2003 4:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : owen morris@advertising[1].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/11/2004 7:33:07 PM
Last accessed : 7/11/2004 7:33:19 PM
Last modified : 7/11/2004 7:33:19 PM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@atdmt[2].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/11/2004 7:33:12 PM
Last accessed : 7/11/2004 7:33:12 PM
Last modified : 7/11/2004 7:33:12 PM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@doubleclick[1].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/11/2004 7:33:17 PM
Last accessed : 7/11/2004 7:33:17 PM
Last modified : 7/11/2004 7:33:17 PM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@maxserving[1].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/11/2004 7:33:11 PM
Last accessed : 7/11/2004 7:33:11 PM
Last modified : 7/11/2004 7:33:11 PM



Tracking Cookie Object recognized!
Type : File
Data : owen morris@servedby.advertising[1].txt
Object : C:\Documents and Settings\Owen Morris\Cookies\

Created on : 7/11/2004 7:33:07 PM
Last accessed : 7/11/2004 7:33:19 PM
Last modified : 7/11/2004 7:33:19 PM



IELoader Object recognized!
Type : File
Data : a0014894.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP332\
FileSize : 9 KB
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:43:13 PM
Last modified : 8/29/2002 10:00:00 AM



IELoader Object recognized!
Type : File
Data : a0014895.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP332\
FileSize : 8 KB
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/11/2004 7:43:13 PM
Last modified : 8/29/2002 10:00:00 AM



UpdateLoader Malware Object recognized!
Type : File
Data : a0014896.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP332\
FileSize : 7 KB
Created on : 12/12/2003 12:46:00 AM
Last accessed : 7/11/2004 7:43:13 PM
Last modified : 12/12/2003 12:47:56 AM



IELoader Object recognized!
Type : File
Data : a0014897.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP332\
FileSize : 9 KB
Created on : 12/12/2003 12:46:26 AM
Last accessed : 7/11/2004 7:43:14 PM
Last modified : 12/12/2003 2:38:48 PM



DownloadPlus Object recognized!
Type : File
Data : a0014898.exe
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP332\
FileSize : 166 KB
FileVersion : 1.0.6
ProductVersion : 1.0.6
Copyright : © Porn Kings. All rights reserved.
CompanyName : Porn Kings
FileDescription : DownloadPlus
InternalName : DownloadPlus.exe
OriginalFilename : DownloadPlus.exe
ProductName : DownloadPlus
Created on : 12/12/2003 12:46:14 AM
Last accessed : 7/11/2004 7:43:14 PM
Last modified : 12/12/2003 2:38:47 PM



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
2 entries scanned.
New objects :0
Objects found so far: 10




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 10


3:08:01 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:18:34:613
Objects scanned :147881
Objects identified :10
Objects ignored :0
New objects :10

#5 sweatyteddy

sweatyteddy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 11 July 2004 - 05:22 PM

Since the third time I ran adaware showed nothing I am not going to include that log but if you want it, I have it. After running Adaware three times I ran Panda Virus Scan, here the log for that-
Incident Status Location

Virus:Trj/Agent.P Disinfected Operating system
Virus:Trj/Navid.B Renamed C:\WINDOWS\SYSTEM32\qnjwsamp.dll
Virus:Trj/Agent.P Renamed C:\WINDOWS\SYSTEM32\zanxepze.dll

#6 sweatyteddy

sweatyteddy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 11 July 2004 - 05:27 PM

Finally I ran hijack this again. Here are those results (by the way I did restart my computer after every scan just like you said)

Logfile of HijackThis v1.98.0
Scan saved at 5:25:37 PM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Kazaa Lite K++\Kazaa.kpp
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OWENMO~1\LOCALS~1\Temp\Rar$EX00.848\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://localhost;<local>
O2 - BHO: (no name) - {07900326-1DE2-DFD4-67F8-550D4EA09FD2} - C:\WINDOWS\System32\heuifvic.dll
O2 - BHO: (no name) - {6A5F1215-9809-A5AE-CCF1-BAE1AE6C3D0D} - C:\WINDOWS\System32\zanxepze.dll (file missing)
O2 - BHO: (no name) - {9685178C-20DF-614C-F746-CA7A5CB7EE3F} - C:\WINDOWS\System32\qnjwsamp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\Kazaa.kpp" /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [wqkgfnbz] C:\WINDOWS\jusvvtzy.exe
O4 - HKLM\..\Run: [DWAYMXITA] C:\WINDOWS\DWAYMXITA.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe
O4 - HKLM\..\Run: [DGJMQ] C:\WINDOWS\DGJMQ.exe
O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [<title>the domain beneditutti.com is under construction</ti] c:\WINDOWS\System32\<title>the domain beneditutti.com is under construction</title>
O4 - HKLM\..\Run: [<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.c] c:\WINDOWS\System32\<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.com">
O4 - HKLM\..\Run: [<meta name="keywords" content="beneditutti.c] c:\WINDOWS\System32\<meta name="keywords" content="beneditutti.com">
O4 - HKLM\..\Run: [<meta http-equiv="imagetoolbar" CONTENT="] c:\WINDOWS\System32\<meta http-equiv="imagetoolbar" CONTENT="no">
O4 - HKLM\..\Run: [<meta name="resource-type" content="docume] c:\WINDOWS\System32\<meta name="resource-type" content="document">
O4 - HKLM\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKLM\..\Run: [<meta name="classification" content="Intern] c:\WINDOWS\System32\<meta name="classification" content="Internet">
O4 - HKLM\..\Run: [<meta name="robots" content="A] c:\WINDOWS\System32\<meta name="robots" content="ALL">
O4 - HKLM\..\Run: [<meta name="distribution" content="Glob] c:\WINDOWS\System32\<meta name="distribution" content="Global">
O4 - HKLM\..\Run: [<meta name="rating" content="A] c:\WINDOWS\System32\<meta name="rating" content="All">
O4 - HKLM\..\Run: [<meta name="doc-class" content="Complet] c:\WINDOWS\System32\<meta name="doc-class" content="Completed">
O4 - HKLM\..\Run: [<meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/c] c:\WINDOWS\System32\<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/css">
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKLM\..\Run: [<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#000] c:\WINDOWS\System32\<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#0000ff>
O4 - HKLM\..\Run: [<table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\<table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a><] c:\WINDOWS\System32\ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a></td>
O4 - HKLM\..\Run: [ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.<] c:\WINDOWS\System32\ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.</td>
O4 - HKLM\..\Run: [ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"><] c:\WINDOWS\System32\ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"></td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"><] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"></td>
O4 - HKLM\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> <] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> </td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"></td>
O4 - HKLM\..\Run: [</ta] c:\WINDOWS\System32\</table>
O4 - HKLM\..\Run: [<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EB] c:\WINDOWS\System32\<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EBF0">
O4 - HKLM\..\Run: [ <form method=get action="http://parked.directnic.com/result.p] c:\WINDOWS\System32\ <form method=get action="http://parked.directnic.com/result.php">
O4 - HKLM\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKLM\..\Run: [ <input type="hidden" name="search" value=] c:\WINDOWS\System32\ <input type="hidden" name="search" value="Y">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfie] c:\WINDOWS\System32\ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfield">
O4 - HKLM\..\Run: [ <input type="submit" name="Submit" value="Search" class="subm] c:\WINDOWS\System32\ <input type="submit" name="Submit" value="Search" class="submit">
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ </f] c:\WINDOWS\System32\ </form>
O4 - HKLM\..\Run: [ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Sear] c:\WINDOWS\System32\ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Searches
O4 - HKLM\..\Run: [ by Category<] c:\WINDOWS\System32\ by Category</td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10></td>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td valign="top" width="3] c:\WINDOWS\System32\ <td valign="top" width="33%">
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a><] c:\WINDOWS\System32\ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a></td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td valign=top class=linkl] c:\WINDOWS\System32\ <td valign=top class=linklist>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br></td>
O4 - HKLM\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKLM\..\Run: [ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a><] c:\WINDOWS\System32\ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br></td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKLM\..\Run: [ <td valign="t] c:\WINDOWS\System32\ <td valign="top">
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a><] c:\WINDOWS\System32\ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br></td>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <td> <] c:\WINDOWS\System32\ <td> </td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a><] c:\WINDOWS\System32\ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a><br>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a><] c:\WINDOWS\System32\ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br></td>
O4 - HKLM\..\Run: [ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a><] c:\WINDOWS\System32\ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br></td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a><] c:\WINDOWS\System32\ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br></td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a><] c:\WINDOWS\System32\ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br></td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a><] c:\WINDOWS\System32\ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a></td>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKLM\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br></td>
O4 - HKLM\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKLM\..\Run: [ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=] c:\WINDOWS\System32\ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=174>
O4 - HKLM\..\Run: [ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories<] c:\WINDOWS\System32\ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories</td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174><] c:\WINDOWS\System32\ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A></td>
O4 - HKLM\..\Run: [<!-- Tracking] c:\WINDOWS\System32\<!-- Tracking -->
O4 - HKLM\..\Run: [<script language="Javascri] c:\WINDOWS\System32\<script language="Javascript">
O4 - HKLM\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKLM\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKLM\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKLM\..\Run: [if (location.hos] c:\WINDOWS\System32\if (location.host) {
O4 - HKLM\..\Run: [ var domain_name = '&d=' + location.h] c:\WINDOWS\System32\ var domain_name = '&d=' + location.host;
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [ var domain_name = '&d=unkno] c:\WINDOWS\System32\ var domain_name = '&d=unknown';
O4 - HKLM\..\Run: [if (document.referre] c:\WINDOWS\System32\if (document.referrer) {
O4 - HKLM\..\Run: [ var referrer_website = '&r=' + document.refer] c:\WINDOWS\System32\ var referrer_website = '&r=' + document.referrer;
O4 - HKLM\..\Run: [ var referrer_website = '&r=unkno] c:\WINDOWS\System32\ var referrer_website = '&r=unknown';
O4 - HKLM\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKLM\..\Run: [ var browser_name = '&b=' + escape(navigator.appNa] c:\WINDOWS\System32\ var browser_name = '&b=' + escape(navigator.appName);
O4 - HKLM\..\Run: [ var browser_name = '&b=unkno] c:\WINDOWS\System32\ var browser_name = '&b=unknown';
O4 - HKLM\..\Run: [if (navigator.userAgen] c:\WINDOWS\System32\if (navigator.userAgent) {
O4 - HKLM\..\Run: [ var full_browser_info = '&fbi=' + escape(navigator.userAge] c:\WINDOWS\System32\ var full_browser_info = '&fbi=' + escape(navigator.userAgent);
O4 - HKLM\..\Run: [ var full_browser_info = '&fbi=unkno] c:\WINDOWS\System32\ var full_browser_info = '&fbi=unknown';
O4 - HKLM\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKLM\..\Run: [ var app_version = '&aV=' + escape(navigator.appVersi] c:\WINDOWS\System32\ var app_version = '&aV=' + escape(navigator.appVersion);
O4 - HKLM\..\Run: [ var app_version = '&aV=unkno] c:\WINDOWS\System32\ var app_version = '&aV=unknown';
O4 - HKLM\..\Run: [if (navigator.javaEnabled(] c:\WINDOWS\System32\if (navigator.javaEnabled()) {
O4 - HKLM\..\Run: [ var java_enabled = '&jE=' + navigator.javaEnable] c:\WINDOWS\System32\ var java_enabled = '&jE=' + navigator.javaEnabled();
O4 - HKLM\..\Run: [ var java_enabled = '&jE=unkno] c:\WINDOWS\System32\ var java_enabled = '&jE=unknown';
O4 - HKLM\..\Run: [if (screen.widt] c:\WINDOWS\System32\if (screen.width) {
O4 - HKLM\..\Run: [dvsmpaff] C:\WINDOWS\System32\dvsmpaff.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Owen Morris"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKCU\..\Run: [<title>the domain beneditutti.com is under construction</ti] c:\WINDOWS\System32\<title>the domain beneditutti.com is under construction</title>
O4 - HKCU\..\Run: [<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.c] c:\WINDOWS\System32\<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.com">
O4 - HKCU\..\Run: [<meta name="keywords" content="beneditutti.c] c:\WINDOWS\System32\<meta name="keywords" content="beneditutti.com">
O4 - HKCU\..\Run: [<meta http-equiv="imagetoolbar" CONTENT="] c:\WINDOWS\System32\<meta http-equiv="imagetoolbar" CONTENT="no">
O4 - HKCU\..\Run: [<meta name="resource-type" content="docume] c:\WINDOWS\System32\<meta name="resource-type" content="document">
O4 - HKCU\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKCU\..\Run: [<meta name="classification" content="Intern] c:\WINDOWS\System32\<meta name="classification" content="Internet">
O4 - HKCU\..\Run: [<meta name="robots" content="A] c:\WINDOWS\System32\<meta name="robots" content="ALL">
O4 - HKCU\..\Run: [<meta name="distribution" content="Glob] c:\WINDOWS\System32\<meta name="distribution" content="Global">
O4 - HKCU

#7 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 12 July 2004 - 02:38 PM

Humm, still a lot there to work with. I would have thought that adaware and the AV's would have picked up more.

Please move HijackThis to it's own folder on your computer, anywhere is fine except a TEMP directory or on your desktop, I suggest using "C:\HJT\". Please navigate to the new folder and run HijackThis again from there.

Put check next the the following items, make sure you have all browser windows closed and then click "Fix Checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://localhost;<local>
O2 - BHO: (no name) - {07900326-1DE2-DFD4-67F8-550D4EA09FD2} - C:\WINDOWS\System32\heuifvic.dll
O2 - BHO: (no name) - {6A5F1215-9809-A5AE-CCF1-BAE1AE6C3D0D} - C:\WINDOWS\System32\zanxepze.dll (file missing)
O2 - BHO: (no name) - {9685178C-20DF-614C-F746-CA7A5CB7EE3F} - C:\WINDOWS\System32\qnjwsamp.dll (file missing)
O4 - HKLM\..\Run: [wqkgfnbz] C:\WINDOWS\jusvvtzy.exe
O4 - HKLM\..\Run: [DWAYMXITA] C:\WINDOWS\DWAYMXITA.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe
O4 - HKLM\..\Run: [DGJMQ] C:\WINDOWS\DGJMQ.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKLM\..\Run: [<title>the domain beneditutti.com is under construction</ti] c:\WINDOWS\System32\<title>the domain beneditutti.com is under construction</title>
O4 - HKLM\..\Run: [<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.c] c:\WINDOWS\System32\<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.com">
O4 - HKLM\..\Run: [<meta name="keywords" content="beneditutti.c] c:\WINDOWS\System32\<meta name="keywords" content="beneditutti.com">
O4 - HKLM\..\Run: [<meta http-equiv="imagetoolbar" CONTENT="] c:\WINDOWS\System32\<meta http-equiv="imagetoolbar" CONTENT="no">
O4 - HKLM\..\Run: [<meta name="resource-type" content="docume] c:\WINDOWS\System32\<meta name="resource-type" content="document">
O4 - HKLM\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKLM\..\Run: [<meta name="classification" content="Intern] c:\WINDOWS\System32\<meta name="classification" content="Internet">
O4 - HKLM\..\Run: [<meta name="robots" content="A] c:\WINDOWS\System32\<meta name="robots" content="ALL">
O4 - HKLM\..\Run: [<meta name="distribution" content="Glob] c:\WINDOWS\System32\<meta name="distribution" content="Global">
O4 - HKLM\..\Run: [<meta name="rating" content="A] c:\WINDOWS\System32\<meta name="rating" content="All">
O4 - HKLM\..\Run: [<meta name="doc-class" content="Complet] c:\WINDOWS\System32\<meta name="doc-class" content="Completed">
O4 - HKLM\..\Run: [<meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O4 - HKLM\..\Run: [<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/c] c:\WINDOWS\System32\<link rel="stylesheet" href="http://parked.directnic.com/newstyle.css" type="text/css">
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKLM\..\Run: [<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#000] c:\WINDOWS\System32\<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#0000ff>
O4 - HKLM\..\Run: [<table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\<table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a><] c:\WINDOWS\System32\ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a></td>
O4 - HKLM\..\Run: [ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.<] c:\WINDOWS\System32\ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.</td>
O4 - HKLM\..\Run: [ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"><] c:\WINDOWS\System32\ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"></td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"><] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"></td>
O4 - HKLM\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> <] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> </td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"></td>
O4 - HKLM\..\Run: [</ta] c:\WINDOWS\System32\</table>
O4 - HKLM\..\Run: [<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EB] c:\WINDOWS\System32\<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EBF0">
O4 - HKLM\..\Run: [ <form method=get action="http://parked.directnic.com/result.p] c:\WINDOWS\System32\ <form method=get action="http://parked.directnic.com/result.php">
O4 - HKLM\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKLM\..\Run: [ <input type="hidden" name="search" value=] c:\WINDOWS\System32\ <input type="hidden" name="search" value="Y">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfie] c:\WINDOWS\System32\ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfield">
O4 - HKLM\..\Run: [ <input type="submit" name="Submit" value="Search" class="subm] c:\WINDOWS\System32\ <input type="submit" name="Submit" value="Search" class="submit">
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ </f] c:\WINDOWS\System32\ </form>
O4 - HKLM\..\Run: [ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Sear] c:\WINDOWS\System32\ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Searches
O4 - HKLM\..\Run: [ by Category<] c:\WINDOWS\System32\ by Category</td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10></td>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td valign="top" width="3] c:\WINDOWS\System32\ <td valign="top" width="33%">
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKLM\..\Run: [ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a><] c:\WINDOWS\System32\ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a></td>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKLM\..\Run: [ <td valign=top class=linkl] c:\WINDOWS\System32\ <td valign=top class=linklist>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br></td>
O4 - HKLM\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKLM\..\Run: [ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a><] c:\WINDOWS\System32\ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a></td>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br></td>
O4 - HKLM\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKLM\..\Run: [ <td valign="t] c:\WINDOWS\System32\ <td valign="top">
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a><] c:\WINDOWS\System32\ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a></td>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br></td>
O4 - HKLM\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <td> <] c:\WINDOWS\System32\ <td> </td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a><] c:\WINDOWS\System32\ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a></td>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a><br>
O4 - HKLM\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKLM\..\Run: [ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a><] c:\WINDOWS\System32\ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a></td>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br></td>
O4 - HKLM\..\Run: [ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a><] c:\WINDOWS\System32\ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a></td>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br></td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a><] c:\WINDOWS\System32\ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a></td>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br></td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a><] c:\WINDOWS\System32\ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a></td>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br></td>
O4 - HKLM\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKLM\..\Run: [ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a><] c:\WINDOWS\System32\ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a></td>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKLM\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br></td>
O4 - HKLM\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKLM\..\Run: [ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=] c:\WINDOWS\System32\ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=174>
O4 - HKLM\..\Run: [ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories<] c:\WINDOWS\System32\ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories</td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174><] c:\WINDOWS\System32\ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A></td>
O4 - HKLM\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A></td>
O4 - HKLM\..\Run: [<!-- Tracking] c:\WINDOWS\System32\<!-- Tracking -->
O4 - HKLM\..\Run: [<script language="Javascri] c:\WINDOWS\System32\<script language="Javascript">
O4 - HKLM\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKLM\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKLM\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKLM\..\Run: [if (location.hos] c:\WINDOWS\System32\if (location.host) {
O4 - HKLM\..\Run: [ var domain_name = '&d=' + location.h] c:\WINDOWS\System32\ var domain_name = '&d=' + location.host;
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [ var domain_name = '&d=unkno] c:\WINDOWS\System32\ var domain_name = '&d=unknown';
O4 - HKLM\..\Run: [if (document.referre] c:\WINDOWS\System32\if (document.referrer) {
O4 - HKLM\..\Run: [ var referrer_website = '&r=' + document.refer] c:\WINDOWS\System32\ var referrer_website = '&r=' + document.referrer;
O4 - HKLM\..\Run: [ var referrer_website = '&r=unkno] c:\WINDOWS\System32\ var referrer_website = '&r=unknown';
O4 - HKLM\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKLM\..\Run: [ var browser_name = '&b=' + escape(navigator.appNa] c:\WINDOWS\System32\ var browser_name = '&b=' + escape(navigator.appName);
O4 - HKLM\..\Run: [ var browser_name = '&b=unkno] c:\WINDOWS\System32\ var browser_name = '&b=unknown';
O4 - HKLM\..\Run: [if (navigator.userAgen] c:\WINDOWS\System32\if (navigator.userAgent) {
O4 - HKLM\..\Run: [ var full_browser_info = '&fbi=' + escape(navigator.userAge] c:\WINDOWS\System32\ var full_browser_info = '&fbi=' + escape(navigator.userAgent);
O4 - HKLM\..\Run: [ var full_browser_info = '&fbi=unkno] c:\WINDOWS\System32\ var full_browser_info = '&fbi=unknown';
O4 - HKLM\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKLM\..\Run: [ var app_version = '&aV=' + escape(navigator.appVersi] c:\WINDOWS\System32\ var app_version = '&aV=' + escape(navigator.appVersion);
O4 - HKLM\..\Run: [ var app_version = '&aV=unkno] c:\WINDOWS\System32\ var app_version = '&aV=unknown';
O4 - HKLM\..\Run: [if (navigator.javaEnabled(] c:\WINDOWS\System32\if (navigator.javaEnabled()) {
O4 - HKLM\..\Run: [ var java_enabled = '&jE=' + navigator.javaEnable] c:\WINDOWS\System32\ var java_enabled = '&jE=' + navigator.javaEnabled();
O4 - HKLM\..\Run: [ var java_enabled = '&jE=unkno] c:\WINDOWS\System32\ var java_enabled = '&jE=unknown';
O4 - HKLM\..\Run: [if (screen.widt] c:\WINDOWS\System32\if (screen.width) {
O4 - HKLM\..\Run: [dvsmpaff] C:\WINDOWS\System32\dvsmpaff.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Owen Morris"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//] c:\WINDOWS\System32\<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKCU\..\Run: [<title>the domain beneditutti.com is under construction</ti] c:\WINDOWS\System32\<title>the domain beneditutti.com is under construction</title>
O4 - HKCU\..\Run: [<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.c] c:\WINDOWS\System32\<meta name="description" content="beneditutti.com is under construction. This page is courtesy of directNIC.com">
O4 - HKCU\..\Run: [<meta name="keywords" content="beneditutti.c] c:\WINDOWS\System32\<meta name="keywords" content="beneditutti.com">
O4 - HKCU\..\Run: [<meta http-equiv="imagetoolbar" CONTENT="] c:\WINDOWS\System32\<meta http-equiv="imagetoolbar" CONTENT="no">
O4 - HKCU\..\Run: [<meta name="resource-type" content="docume] c:\WINDOWS\System32\<meta name="resource-type" content="document">
O4 - HKCU\..\Run: [<meta name="revisit-after" content="] c:\WINDOWS\System32\<meta name="revisit-after" content="14">
O4 - HKCU\..\Run: [<meta name="classification" content="Intern] c:\WINDOWS\System32\<meta name="classification" content="Internet">
O4 - HKCU\..\Run: [<meta name="robots" content="A] c:\WINDOWS\System32\<meta name="robots" content="ALL">
O4 - HKCU\..\Run: [<meta name="distribution" content="Glob] c:\WINDOWS\System32\<meta name="distribution" content="Global">
O4 - HKCU\..\Run: [<meta name="rating" content="A] c:\WINDOWS\System32\<meta name="rating" content="All">
O4 - HKCU\..\Run: [<meta name="doc-class" content="Complet] c:\WINDOWS\System32\<meta name="doc-class" content="Completed">
O4 - HKCU\..\Run: [<meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<meta http-equiv="Content-Type&qu

Reboot, run HijackThis again and post a fresh log please.

Edited by ColdinCbus, 12 July 2004 - 02:39 PM.


#8 sweatyteddy

sweatyteddy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 12 July 2004 - 06:54 PM

Alright. I fixed everything on Hijack you told me too and restarted my computer. Here's the log


Logfile of HijackThis v1.98.0
Scan saved at 6:53:40 PM, on 7/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Kazaa Lite K++\Kazaa.kpp
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\Kazaa.kpp" /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKCU\..\Run: [<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#000] c:\WINDOWS\System32\<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#0000ff>
O4 - HKCU\..\Run: [<table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\<table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a><] c:\WINDOWS\System32\ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a></td>
O4 - HKCU\..\Run: [ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.<] c:\WINDOWS\System32\ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.</td>
O4 - HKCU\..\Run: [ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"><] c:\WINDOWS\System32\ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"></td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"><] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"></td>
O4 - HKCU\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> <] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> </td>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"></td>
O4 - HKCU\..\Run: [</ta] c:\WINDOWS\System32\</table>
O4 - HKCU\..\Run: [<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EB] c:\WINDOWS\System32\<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EBF0">
O4 - HKCU\..\Run: [ <form method=get action="http://parked.directnic.com/result.p] c:\WINDOWS\System32\ <form method=get action="http://parked.directnic.com/result.php">
O4 - HKCU\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKCU\..\Run: [ <input type="hidden" name="search" value=] c:\WINDOWS\System32\ <input type="hidden" name="search" value="Y">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfie] c:\WINDOWS\System32\ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfield">
O4 - HKCU\..\Run: [ <input type="submit" name="Submit" value="Search" class="subm] c:\WINDOWS\System32\ <input type="submit" name="Submit" value="Search" class="submit">
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ </f] c:\WINDOWS\System32\ </form>
O4 - HKCU\..\Run: [ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Sear] c:\WINDOWS\System32\ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Searches
O4 - HKCU\..\Run: [ by Category<] c:\WINDOWS\System32\ by Category</td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10></td>
O4 - HKCU\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td valign="top" width="3] c:\WINDOWS\System32\ <td valign="top" width="33%">
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a><] c:\WINDOWS\System32\ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a></td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td valign=top class=linkl] c:\WINDOWS\System32\ <td valign=top class=linklist>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br></td>
O4 - HKCU\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKCU\..\Run: [ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a><] c:\WINDOWS\System32\ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a></td>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br></td>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKCU\..\Run: [ <td valign="t] c:\WINDOWS\System32\ <td valign="top">
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a><] c:\WINDOWS\System32\ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a></td>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br></td>
O4 - HKCU\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [ <td> <] c:\WINDOWS\System32\ <td> </td>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a><] c:\WINDOWS\System32\ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a></td>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a><br>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a><] c:\WINDOWS\System32\ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a></td>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br></td>
O4 - HKCU\..\Run: [ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a><] c:\WINDOWS\System32\ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a></td>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br></td>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a><] c:\WINDOWS\System32\ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a></td>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br></td>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a><] c:\WINDOWS\System32\ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a></td>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br></td>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a><] c:\WINDOWS\System32\ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a></td>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKCU\..\Run: [   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br><] c:\WINDOWS\System32\   <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br></td>
O4 - HKCU\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKCU\..\Run: [ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=] c:\WINDOWS\System32\ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=174>
O4 - HKCU\..\Run: [ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories<] c:\WINDOWS\System32\ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories</td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174><] c:\WINDOWS\System32\ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A></td>
O4 - HKCU\..\Run: [<!-- Tracking] c:\WINDOWS\System32\<!-- Tracking -->
O4 - HKCU\..\Run: [<script language="Javascri] c:\WINDOWS\System32\<script language="Javascript">
O4 - HKCU\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKCU\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKCU\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKCU\..\Run: [if (location.hos] c:\WINDOWS\System32\if (location.host) {
O4 - HKCU\..\Run: [ var domain_name = '&d=' + location.h] c:\WINDOWS\System32\ var domain_name = '&d=' + location.host;
O4 - HKCU\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKCU\..\Run: [ var domain_name = '&d=unkno] c:\WINDOWS\System32\ var domain_name = '&d=unknown';
O4 - HKCU\..\Run: [if (document.referre] c:\WINDOWS\System32\if (document.referrer) {
O4 - HKCU\..\Run: [ var referrer_website = '&r=' + document.refer] c:\WINDOWS\System32\ var referrer_website = '&r=' + document.referrer;
O4 - HKCU\..\Run: [ var referrer_website = '&r=unkno] c:\WINDOWS\System32\ var referrer_website = '&r=unknown';
O4 - HKCU\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKCU\..\Run: [ var browser_name = '&b=' + escape(navigator.appNa] c:\WINDOWS\System32\ var browser_name = '&b=' + escape(navigator.appName);
O4 - HKCU\..\Run: [ var browser_name = '&b=unkno] c:\WINDOWS\System32\ var browser_name = '&b=unknown';
O4 - HKCU\..\Run: [if (navigator.userAgen] c:\WINDOWS\System32\if (navigator.userAgent) {
O4 - HKCU\..\Run: [ var full_browser_info = '&fbi=' + escape(navigator.userAge] c:\WINDOWS\System32\ var full_browser_info = '&fbi=' + escape(navigator.userAgent);
O4 - HKCU\..\Run: [ var full_browser_info = '&fbi=unkno] c:\WINDOWS\System32\ var full_browser_info = '&fbi=unknown';
O4 - HKCU\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKCU\..\Run: [ var app_version = '&aV=' + escape(navigator.appVersi] c:\WINDOWS\System32\ var app_version = '&aV=' + escape(navigator.appVersion);
O4 - HKCU\..\Run: [ var app_version = '&aV=unkno] c:\WINDOWS\System32\ var app_version = '&aV=unknown';
O4 - HKCU\..\Run: [if (navigator.javaEnabled(] c:\WINDOWS\System32\if (navigator.javaEnabled()) {
O4 - HKCU\..\Run: [ var java_enabled = '&jE=' + navigator.javaEnable] c:\WINDOWS\System32\ var java_enabled = '&jE=' + navigator.javaEnabled();
O4 - HKCU\..\Run: [ var java_enabled = '&jE=unkno] c:\WINDOWS\System32\ var java_enabled = '&jE=unknown';
O4 - HKCU\..\Run: [if (screen.widt] c:\WINDOWS\System32\if (screen.width) {
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://64.69.77.23/SafeCommon/downloads/WalletCab.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - AppInit_DLLs: wbsys.dll

#9 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 12 July 2004 - 07:46 PM

We are getting closer to getting that web page out. We are seeing the bottom of your log now.

To be safe, boot into safe mode http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

In safe mode, run HijackThis again and fix these entries;

O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<html>
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</head>
O4 - HKCU\..\Run: [<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#000] c:\WINDOWS\System32\<BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINHEIGHT="0" MARGINWIDTH="0" BGCOLOR="#FFFFFF" TEXT="#000000" vLink=#0000ff>
O4 - HKCU\..\Run: [<table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\<table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a><] c:\WINDOWS\System32\ <td background="http://parked.directnic.com/images/top_bg.gif"><a href="http://directnic.com"><img src="http://parked.directnic.com/images/dnic.gif" width="372" height="41" border="0"></a></td>
O4 - HKCU\..\Run: [ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.<] c:\WINDOWS\System32\ <td align="right" background="http://parked.directnic.com/images/top_bg.gif" class="head">beneditutti.com is under construction.</td>
O4 - HKCU\..\Run: [ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"><] c:\WINDOWS\System32\ <td width="10"><img src="http://parked.directnic.com/images/top_rt.gif" width="10" height="41"></td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"><] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"><img src="http://parked.directnic.com/images/btm_lt.gif" width="24" height="25" align="absmiddle"></td>
O4 - HKCU\..\Run: [ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> <] c:\WINDOWS\System32\ <td align="left" background="http://parked.directnic.com/images/btm_bg.gif" class="wtext"> </td>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/btm_rt.gif" width="10" height="25"></td>
O4 - HKCU\..\Run: [</ta] c:\WINDOWS\System32\</table>
O4 - HKCU\..\Run: [<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EB] c:\WINDOWS\System32\<table WIDTH="100%" height="31" CELLPADDING="0" CELLSPACING="0" BORDER="0" BGCOLOR="#E7EBF0">
O4 - HKCU\..\Run: [ <form method=get action="http://parked.directnic.com/result.p] c:\WINDOWS\System32\ <form method=get action="http://parked.directnic.com/result.php">
O4 - HKCU\..\Run: [ <input type="hidden" name="host" value="beneditutti.c] c:\WINDOWS\System32\ <input type="hidden" name="host" value="beneditutti.com">
O4 - HKCU\..\Run: [ <input type="hidden" name="search" value=] c:\WINDOWS\System32\ <input type="hidden" name="search" value="Y">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfie] c:\WINDOWS\System32\ <td align="center" class=search>search the web: <input type=text name="Keywords" value="" class="textfield">
O4 - HKCU\..\Run: [ <input type="submit" name="Submit" value="Search" class="subm] c:\WINDOWS\System32\ <input type="submit" name="Submit" value="Search" class="submit">
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ </f] c:\WINDOWS\System32\ </form>
O4 - HKCU\..\Run: [ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding=] c:\WINDOWS\System32\ <td valign="top"> <table width="100%" border="0" cellspacing="0" cellpadding="0">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Sear] c:\WINDOWS\System32\ <td height=25 align="center" bgcolor="#1C6ACB" class=wheader>Top Searches
O4 - HKCU\..\Run: [ by Category<] c:\WINDOWS\System32\ by Category</td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/spacer.gif" height=10 width=10></td>
O4 - HKCU\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td valign="top" width="3] c:\WINDOWS\System32\ <td valign="top" width="33%">
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ ] c:\WINDOWS\System32\ <tr>
O4 - HKCU\..\Run: [ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a><] c:\WINDOWS\System32\ <td bgcolor="#333333" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&cat=1" class="wheader">Computing</a></td>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </tr>
O4 - HKCU\..\Run: [ <td valign=top class=linkl] c:\WINDOWS\System32\ <td valign=top class=linklist>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+hosting&host=beneditutti.com&cat=1">Web Hosting</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=web+design&host=beneditutti.com&cat=1">Web Design</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer&host=beneditutti.com&cat=1">Computer</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+hardware&host=beneditutti.com&cat=1">Computer Hardware</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=software&host=beneditutti.com&cat=1">Software</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=computer+game&host=beneditutti.com&cat=1">Computer Game</a><br></td>
O4 - HKCU\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKCU\..\Run: [ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a><] c:\WINDOWS\System32\ <td bgcolor="#99CC66" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1" class="wheader">Travel</a></td>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=adventure+travel&host=beneditutti.com&cat=1">Adventure Travel</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=vacation&host=beneditutti.com&cat=1">Vacation</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=airline+ticket&host=beneditutti.com&cat=1">Airline Ticket</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=hotel&host=beneditutti.com&cat=1">Hotel</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&cat=1">Travel</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=map&host=beneditutti.com&cat=1">Map</a><br></td>
O4 - HKCU\..\Run: [ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2><] c:\WINDOWS\System32\ <td><img src="http://parked.directnic.com/images/vdots.gif" width=1 height=101 hspace=2></td>
O4 - HKCU\..\Run: [ <td valign="t] c:\WINDOWS\System32\ <td valign="top">
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a><] c:\WINDOWS\System32\ <td bgcolor="#00CC99" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&cat=1" class="wheader">Hobbies</a></td>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=craft&host=beneditutti.com&cat=1">Craft</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=cooking&host=beneditutti.com&cat=1">Cooking</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+decorating&host=beneditutti.com&cat=1">Home Decorating</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=sports&host=beneditutti.com&cat=1">Sports</a><br></td>
O4 - HKCU\..\Run: [ </ta] c:\WINDOWS\System32\ </table>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [ <td> <] c:\WINDOWS\System32\ <td> </td>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a><] c:\WINDOWS\System32\ <td bgcolor="#999999" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&cat=1" class="wheader">Entertainment</a></td>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gambling&host=beneditutti.com&cat=1">Gambling</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=movie&host=beneditutti.com&cat=1">Movie</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=music&host=beneditutti.com&cat=1">Music</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=game&host=beneditutti.com&cat=1">Game</a><br>
O4 - HKCU\..\Run: [ <] c:\WINDOWS\System32\ </td>
O4 - HKCU\..\Run: [ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a><] c:\WINDOWS\System32\ <td bgcolor="#990000" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&cat=1" class="wheader">Finance</a></td>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=loan&host=beneditutti.com&cat=1">Loan</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=investing&host=beneditutti.com&cat=1">Investing</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=insurance&host=beneditutti.com&cat=1">Insurance</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=credit+card&host=beneditutti.com&cat=1">Credit Card</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=stock&host=beneditutti.com&cat=1">Stock</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=real+estate&host=beneditutti.com&cat=1">Real Estate</a><br></td>
O4 - HKCU\..\Run: [ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a><] c:\WINDOWS\System32\ <td bgcolor="#3399FF" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1" class="wheader">Gifts</a></td>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+basket&host=beneditutti.com&cat=1">Gift Basket</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift+certificate&host=beneditutti.com&cat=1">Gift Certificate</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=flower&host=beneditutti.com&cat=1">Flower</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wedding+gift&host=beneditutti.com&cat=1">Wedding Gift</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=wine&host=beneditutti.com&cat=1">Wine</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=jewelry&host=beneditutti.com&cat=1">Jewelry</a><br></td>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a><] c:\WINDOWS\System32\ <td bgcolor="#FF6600" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&cat=1" class="wheader">Shopping</a></td>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&cat=1">Gift</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=car&host=beneditutti.com&cat=1">Car</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=book&host=beneditutti.com&cat=1">Book</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=electronics&host=beneditutti.com&cat=1">Electronics</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=toy&host=beneditutti.com&cat=1">Toy</a><br></td>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a><] c:\WINDOWS\System32\ <td bgcolor="#333399" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&cat=1" class="wheader">Home</a></td>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+loan&host=beneditutti.com&cat=1">Home Loan</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+improvement&host=beneditutti.com&cat=1">Home Improvement</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=home+buying&host=beneditutti.com&cat=1">Home Buying</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=interior+design&host=beneditutti.com&cat=1">Interior Design</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=pets&host=beneditutti.com&cat=1">Pets</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=gardening&host=beneditutti.com&cat=1">Gardening</a><br></td>
O4 - HKCU\..\Run: [ <table width="100%" border="0" cellpadding="0" cellspacing=] c:\WINDOWS\System32\ <table width="100%" border="0" cellpadding="0" cellspacing="0">
O4 - HKCU\..\Run: [ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a><] c:\WINDOWS\System32\ <td bgcolor="#FF0033" valign=top height="16"><a href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&cat=1" class="wheader">Health</a></td>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=life+insurance&host=beneditutti.com&cat=1">Life Insurance</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=health+insurance&host=beneditutti.com&cat=1">Health Insurance</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=weight+loss&host=beneditutti.com&cat=1">Weight Loss</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=nutrition&host=beneditutti.com&cat=1">Nutrition</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a>] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=fitness&host=beneditutti.com&cat=1">Fitness</a><br>
O4 - HKCU\..\Run: [ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br><] c:\WINDOWS\System32\ <b>·</b> <a href="http://parked.directnic.com/result.php?Keywords=womens+health&host=beneditutti.com&cat=1">Womens Health</a><br></td>
O4 - HKCU\..\Run: [ </table><] c:\WINDOWS\System32\ </table></td>
O4 - HKCU\..\Run: [ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=] c:\WINDOWS\System32\ <td width="175" align="right" valign="top"> <table border=0 cellspacing=0 cellpadding=0 width=174>
O4 - HKCU\..\Run: [ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories<] c:\WINDOWS\System32\ <td height=25 bgcolor="#003399" class="whiteh2">Popular Categories</td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=finance&host=beneditutti.com&side=1" class=category>Finance</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174><] c:\WINDOWS\System32\ <td bgcolor=#D3DBE4><img src="http://parked.directnic.com/images/spacer.gif" height=1 width=174></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><a href="http://parked.directnic.com/result.php?Keywords=travel&host=beneditutti.com&side=1" class="category">Travel</a></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=gift&host=beneditutti.com&side=1" class=category>Gifts</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=home&host=beneditutti.com&side=1" class=category>Home</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=health&host=beneditutti.com&side=1" class=category>Health</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=entertainment&host=beneditutti.com&side=1" class=category>Entertainment</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=shopping&host=beneditutti.com&side=1" class=category>Shopping</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=computing&host=beneditutti.com&side=1" class=category>Computing</A></td>
O4 - HKCU\..\Run: [ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A><] c:\WINDOWS\System32\ <td bgcolor=#F4F6F8 onMouseover="this.style.backgroundColor='#CCCCCC'" onMouseout="this.style.backgroundColor='#F4F6F8'"><img src="http://parked.directnic.com/images/arrow.gif" width=4 height=7 hspace=12 vspace=7 align=absmiddle><A href="http://parked.directnic.com/result.php?Keywords=hobby&host=beneditutti.com&side=1" class=category>Hobbies</A></td>
O4 - HKCU\..\Run: [<!-- Tracking] c:\WINDOWS\System32\<!-- Tracking -->
O4 - HKCU\..\Run: [<script language="Javascri] c:\WINDOWS\System32\<script language="Javascript">
O4 - HKCU\..\Run: [// do not make any changes to anything past this point or tracking script will not ] c:\WINDOWS\System32\// do not make any changes to anything past this point or tracking script will not work
O4 - HKCU\..\Run: [var d] c:\WINDOWS\System32\var data;
O4 - HKCU\..\Run: [document.cookie='__support_check] c:\WINDOWS\System32\document.cookie='__support_check=1';
O4 - HKCU\..\Run: [if (location.hos] c:\WINDOWS\System32\if (location.host) {
O4 - HKCU\..\Run: [ var domain_name = '&d=' + location.h] c:\WINDOWS\System32\ var domain_name = '&d=' + location.host;
O4 - HKCU\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKCU\..\Run: [ var domain_name = '&d=unkno] c:\WINDOWS\System32\ var domain_name = '&d=unknown';
O4 - HKCU\..\Run: [if (document.referre] c:\WINDOWS\System32\if (document.referrer) {
O4 - HKCU\..\Run: [ var referrer_website = '&r=' + document.refer] c:\WINDOWS\System32\ var referrer_website = '&r=' + document.referrer;
O4 - HKCU\..\Run: [ var referrer_website = '&r=unkno] c:\WINDOWS\System32\ var referrer_website = '&r=unknown';
O4 - HKCU\..\Run: [if (navigator.appNam] c:\WINDOWS\System32\if (navigator.appName) {
O4 - HKCU\..\Run: [ var browser_name = '&b=' + escape(navigator.appNa] c:\WINDOWS\System32\ var browser_name = '&b=' + escape(navigator.appName);
O4 - HKCU\..\Run: [ var browser_name = '&b=unkno] c:\WINDOWS\System32\ var browser_name = '&b=unknown';
O4 - HKCU\..\Run: [if (navigator.userAgen] c:\WINDOWS\System32\if (navigator.userAgent) {
O4 - HKCU\..\Run: [ var full_browser_info = '&fbi=' + escape(navigator.userAge] c:\WINDOWS\System32\ var full_browser_info = '&fbi=' + escape(navigator.userAgent);
O4 - HKCU\..\Run: [ var full_browser_info = '&fbi=unkno] c:\WINDOWS\System32\ var full_browser_info = '&fbi=unknown';
O4 - HKCU\..\Run: [if (navigator.appVersio] c:\WINDOWS\System32\if (navigator.appVersion) {
O4 - HKCU\..\Run: [ var app_version = '&aV=' + escape(navigator.appVersi] c:\WINDOWS\System32\ var app_version = '&aV=' + escape(navigator.appVersion);
O4 - HKCU\..\Run: [ var app_version = '&aV=unkno] c:\WINDOWS\System32\ var app_version = '&aV=unknown';
O4 - HKCU\..\Run: [if (navigator.javaEnabled(] c:\WINDOWS\System32\if (navigator.javaEnabled()) {
O4 - HKCU\..\Run: [ var java_enabled = '&jE=' + navigator.javaEnable] c:\WINDOWS\System32\ var java_enabled = '&jE=' + navigator.javaEnabled();
O4 - HKCU\..\Run: [ var java_enabled = '&jE=unkno] c:\WINDOWS\System32\ var java_enabled = '&jE=unknown';
O4 - HKCU\..\Run: [if (screen.widt] c:\WINDOWS\System32\if (screen.width) {

Reboot, scan with HijackThis and post a fresh log please.

#10 sweatyteddy

sweatyteddy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:13 AM

Posted 15 July 2004 - 04:09 PM

Did as you said. Here's the log.
Logfile of HijackThis v1.98.0
Scan saved at 4:05:42 PM, on 7/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kazaa Lite K++\Kazaa.kpp
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\Kazaa.kpp" /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://64.69.77.23/SafeCommon/downloads/WalletCab.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - AppInit_DLLs: wbsys.dll


Thank you so much- Owen

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:13 AM

Posted 16 July 2004 - 11:14 AM

Looks clean to me. Good job!

Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly. This will ensure that you have the latest patches for your operating system installed. If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster and Spybot (With TeaTimer)

Tutorials and download locations for each programs can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your web browser

Using Spybot - Search & Destroy to remove Spyware from Your Computer

Glad i was able to help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users