|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
12-13-2007, 02:07 AM
|
#1 (permalink) |
|
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 1,069
OS: Windows XP Svs.Pk 2
|
Browser's got mind of own
Thank you in advance for any help. Day before yesterday my browser started switching pages at about 5 minute intervals. It has changed home page to something I have never heard of but must be advertisement oriented. The header on the top (blue band) said Internet Speed Monitoring or something similar. Anyway, several years ago and on another computer I had obtained some spyware and the like and I used Spybot, so yesterday I downloaded spybot and have run it several times but things are still not normal and I am still getting pages and ads that I have not requested.
I have followed your 5 steps to the best of my ability. It almost seems like the closer I get to getting the help to fix these things, the more difficult "the things" are making it for me. I was unable to access step 5 to find out what it is. The scan I ran from step 2 didn't give me the option to save or see. I was able to download your recommended spyware program, but can't seem to open my document folder to open it up. or even find where the program was placed after it was downloaded. Oh yes and there is an addition on my toolbar called "Security Toolbar 7.1 with a meter for security level and a block adware/popups and remove spyware buttons. The ads now only seem to appear when I open a new page or tab (the tabs are not working instead new pages open up when I click a link). What do I try to do now? I have had this reconditioned e-machine for 2 years now without any trouble whatsoever. I am a tournament director for a league in club pogo and it makes me sick (and even feel like I have been a bad girl) that I picked up this trouble. Again, thank you in advance for your help. Your new friend, Cathy Sacramento, CA |
|
     |
|
12-17-2007, 05:24 AM
|
#2 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 3,247
OS: XP
|
Re: Browser's got mind of own
Hello Cathy and welcome to TSF.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
======================= Logs Required C:\Deckard\System Scanner\main.txt C:\Deckard\System Scanner\extra.txt<----Attached
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** Trial of BT-Phorm spyware to start 30th September, 2008- for more information please visit No DPI website for more information.  Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
12-20-2007, 01:07 PM
|
#3 (permalink) |
|
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 1,069
OS: Windows XP Svs.Pk 2
|
Re: Browser's got mind of own
Hi! Thank you for your assistance with my computer troubles. Sorry I didn't respond quickly. I just checked the mail today. I had convinced myself it looked like I was on my own on this one. Sorry for temporary lack of faith.
As I mentioned in my initial request for help (I think I said I was unable to access the DSS to down load it). Well, since then, I was able to download it, however, when I attempt to run it, I receive an error message dss.dll ......I tried several times. I deleted it from the desktop and downloaded it again with the same consequence. I even tried to Google it and see if I could go directly to the software site which I did not locate, but did find another tech support asking their people to utilize the program, so I followed their link, downloaded one more time and attempted to run it with the same error. I am not getting the unknown windows as often, however, they are still there, as well as the browser refusing to do what I want which then makes it necessary to close down and reload or even re boot the computer. Please let me know what you suggest I try. I also must confess, that against your forum directive, and only because I didn't think I was going to receive an answer to my post, I ran Spybot several times and removed the items flagged by that program.  I am sorry and promise I will not take any matters into my own hands. I will follow all your instructions to the letter.I have also been receiving this error the past 2 days: Microsoft Visual C++ Runtime Library Buffer overrun detected Program C:WINDOWS\Explorer.EXE A buffer overrun detected which has corrupted the programs internal state. The program cannot continue execution and must now be terminated.  Thanks and am waiting for your reply, Cathy |
|
|
|
|
12-20-2007, 05:41 PM
|
#4 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 3,247
OS: XP
|
Re: Browser's got mind of own
Hi Cathy
Can you give us the exact error message you receive when trying to run DSS(Deckard System Scanner). ======================== Perform an online scan with Internet Explorer with Panda ActiveScan
* Turn off the real time scanner of any existing antivirus program while performing the online scan Paste the Panda Scan report into your next reply. ================================= If you are still unable to run DSS then do this instead: Please download HijackThis to your desktop Alternate link This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis Upon install, HijackThis should open for you. Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe 1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'. 2. If you don't get the intro screen, just hit Scan and then click on Save log. 3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless. =========================== Logs Required Panda Scan Report Hijackthis log
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** Trial of BT-Phorm spyware to start 30th September, 2008- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
12-21-2007, 06:01 PM
|
#5 (permalink) |
|
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 1,069
OS: Windows XP Svs.Pk 2
|
Re: Browser's got mind of own
Hi Bruce!
Here is the info requested. Please excuse my inexperience. Here is the error message. It is in the form of the window that asks if you want to send the info to microsoft. I am describing what I see and what some of it says. Please ask again if I need to gather more info for you. the following error window opens and asks if I want to send Microsoft an error report: dss.exe has encountered a problem and needs to close. We are sorry for the inconvenience............etc etc and ......To see what data this error report contains, click here New Window ------------- dss.exe Error signature AppName: dss.exe AppVer:3.2.8.1 ModName: dss.dll ModVer: 0.0.0.0 Offset: 00002120 ---------- at the bottom click here to view technical information about the error report, click here --------- New Window -------- Error Report Contents ..........Bruce, this is a huge bunch of info and am unsure how to transmit it to you, however, it says "The following files will be included in this error report:" C:\DOCUME~1\Owner\LOCALS~1\Temp\faaa_appcompat.txt ................. I searched for this file, but it was not located I will be happy to type out the entire error report but it looks like that would be hard to do. Please advise if you require more info from it. when i scrolled through it I did notice the mention of the Microsoft Visual C++ Runtime Library....here is excerpt - there are six "columns" of information. The first 5 columns are numbers mostly however it seems messages appear in the 6th every so often....this one says =....mixcrt.EncodePointer...KERNEL32.DLL....DecodePointer....FlsF ree.FlsSetValue.FlsGetValue.FlsAlloc......G.C;E.6;E.Unknown exception.....G.m;E.csm................. ............runtime error......TLOSS error......DOMAIN error...........R6034..An application has made an attempt to load the C runtime library incorrectly..Pleaase contact the application's support team for more information.........R6033..- Attempt to use MSIL code from this assembly during native code initialization. This indicates a bug in your application. It is most likely the result of calling an MSUIL-compiled (/clr) function from a native constructor or from DllMain.....R6032..- not enough space for locale information ..Attempt to initialize the CRT more than once..This indicates a bug in your application....R6030.._CRT not initialized...R6028..-unable to initialize heap--------------- It goes on and on.....pls let me know if you require all this info. Incident Status Location PANDA SCAN LOG Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vtpambmp.dll Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\cilocdxa.dll Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hoveapaa.exe Adware:adware/24-7-search Not disinfected c:\windows\system32\unPPC.exe Adware:adware/outerinfo Not disinfected Windows Registry Possible Virus. Not disinfected C:\Deckard\System Scanner\20071213104756\backup\DOCUME~1\Owner\LOCALS~1\Temp\AolCoach.cab[.\Data.ns\Player\AOLNySEV.exe] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[3].txt Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:51:54 PM, on 12/21/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal --------------------------------------------- HIJACKTHIS LOG Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\hoveapaa.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\VTTimer.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\PeoplePC\ISP6300\Browser\PPShared.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe C:\Program Files\PeoplePC Accelerated\PeoplePC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greatdaygames.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file) O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6300\BIN\PPCOLink.exe -STATION O4 - HKLM\..\Run: [20299561] rundll32.exe "C:\WINDOWS\system32\vtpambmp.dll",b O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.5.0.4.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab O16 - DPF: {40AC0F29-DF27-4711-B279-48B1F83A66AB} (AtlBoxWordCtlAttrib Class) - http://kraisoft.com/files/online/aquacade.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_34.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/qadummy/abxgh.cab O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/fr...esLauncher.cab O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/eng/hunter_2_0_0_26.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://67.15.101.3/g_bin/eng/pirate_2_0_0_29.cab O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.3/g_bin/eng/domino_2_0_0_33.cab O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/eng/marbles_2_0_0_31.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/eng/breakout_2_0_0_28.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/fr...g.1.0.0.33.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/gh...ylomplayer.cab O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab56649.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/def...andaonline.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pc...loader_v10.cab O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/eng/mahjong_2_0_0_29.cab O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://aolsvc.aol.com/onlinegames/fr...a.1.0.0.22.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billard9_2_0_0_32.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/eng/billardt_2_0_0_34.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{ABBCE440-EABF-420E-9E63-1AB382A9D8B6}: NameServer = 209.244.0.3 209.244.0.4 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: DomainService - - C:\WINDOWS\system32\hoveapaa.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 13381 bytes Again I stand ready for instructions Me, Cathy |
|
|
|
|
12-22-2007, 12:41 PM
|
#6 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 3,247
OS: XP
|
Re: Browser's got mind of own
Hello again Cathy
I`ll have a chat with the tools author about that error message, in the meantime i see by your hijackthis log you have two antivirus programs installed. Having two such programs installed can cause a multitude of problems which could lead to a system crash. Please remove either Norton/Symantec or Mcafee. If removing Norton, please download a run the Norton Removal Tool. You can Remove Mcafee via Add/Remove: Click > Start > Control Panel > Add / Remove Programs. Once done do this: Hijackthis Uninstall List * Start HijackThis * Click on the Config button * Click on the Misc Tools button * Click on the Open Uninstall Manager button. * You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next reply. ==================== Logs Required Uninstall List from Hijackthis
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** Trial of BT-Phorm spyware to start 30th September, 2008- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
12-26-2007, 02:45 PM
|
#7 (permalink) |
|
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 1,069
OS: Windows XP Svs.Pk 2
|
Re: Browser's got mind of own
I have uninstalled Norton. When I follow your instructions for HijackThis save Uninstall list it closes the program. Pls advise. thanks Cathy
|
|
|
|
|
12-27-2007, 05:15 AM
|
#8 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 3,247
OS: XP
|
Re: Browser's got mind of own
Hello again Cathy
Lets try to remove some of those infections showing in your log and see if this will alleviate some of the problems your are having. =============================== Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. ----------------- Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding.Its important that you follow this through until i give you the all clear,a lack of symptoms does not mean that you are clean. ==================================== Download ComboFix from Here or here **Save it to your desktop**Do not run just yet,we will shortly ======================================= Disconnect from the internet =========================================  Go to  → Run → paste in the single line command & click OK"%userprofile%\desktop\combofix.exe" /killallWhen finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall =============================== Right-click on Hijackthis(on your desktop)and select rename. *Rename HijackThis.exe to cathy.exe ================================= Hijackthis Uninstall List * Start HijackThis * Click on the Config button * Click on the Misc Tools button * Click on the Open Uninstall Manager button. * You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next reply. Once finished click on the Main button and follow instructions below. ========================= Click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ========================= Reconnect to the internet and post the required logs ============================ Logs Required C:\Combofix.txt Uninstall list from Hijackthis Hijackthis log
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** Trial of BT-Phorm spyware to start 30th September, 2008- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
12-28-2007, 04:53 AM
|
#9 (permalink) |
|
TSF Enthusiast
Join Date: Dec 2007
Location: Sacramento, CA
Posts: 1,069
OS: Windows XP Svs.Pk 2
|
Re: Browser's got mind of own
Per your request - check this out - ALL 3 logs - woohoo!! ComboFix 07-12-21.4 - Owner 2007-12-28 3:20:54.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.170 [GMT -8:00] Running from: C:\Documents and Settings\Owner\desktop\combofix.exe Command switches used :: /killall * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\Owner\Application Data\FNTS~1 C:\Documents and Settings\Owner\Favorites\Online Security Guide.lnk C:\Program Files\autorun.inf C:\Program Files\QdrDrive C:\WINDOWS\cookies.ini C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20 C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\activextest.bat C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\Music\Level01.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\Music\Level01B.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM01.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM02.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM03.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ANYLOOP.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BONUS100.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUMPSCENERY01.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUMPSWEET01.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUTTONCLICK.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_CASCADEGOOD.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_COMBOGOOD.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_FAILED.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_FIREWOOSH01.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KATEHURRAY01.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KATEHURRAY02.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KEYSTROKE.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_LAUNCHERDOWN.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_POP01.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PRODUCTION01.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUREWIND.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUSHERBONUS.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUSHERPOP.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGEND.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGLOOP.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGSTART.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SHERBETDONE.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SHUFFLE.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKEREND.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKERLOOP.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKERSTART.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SWAP.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_TRANSITION.ogg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\arcadepanel.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\dialog.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\fullscreendialoglocal.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\infodialog.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\longdialog.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\panel.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\screenshots.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\submitdialog.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\textfield.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\yesnodialog.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowdown_down.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowdown_over.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowdown_up.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowleft_down.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowleft_over.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowleft_up.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowright_down.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowright_over.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowright_up.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowup_down.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowup_over.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowup_up.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\buttondown.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\buttonrollover.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\buttonup.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\checkdown.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\checkup.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\choosenamedown.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\choosenameover.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\long_button_down.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\long_button_over.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\long_button_up.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\sliderknob.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\sliderknobover.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\sliderrail.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\cursor\cursor.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\cursor\nocursor.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\fonts\main.mvec C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Comic\Intros.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Comic\TipWindow.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Flame.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Hot.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_PowerUp.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Ring.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Sherbet.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Steam.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_SugarFloor.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_White.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach01_PistonA.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach01A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach02_RingA.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach02A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach03_HammerA.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach03A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach04_CrankA.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach04A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach05A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach06_CrossA.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach06_PistonA.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach06A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach07A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach08A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach09A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerBase01A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerBase02A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop01A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop01B.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop02A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop02B.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleBase.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleDoor.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHead.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHead2.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHole.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHoleA.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHoleB.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHurray1.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHurray2.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateAhead.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateFire.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateLeft.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateRight.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleSling.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleSlingA.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleTop.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleTunnel.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Sucker\SuckerTop.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Sucker\SuckerWind.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Glass\Glass01.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Ingredients\Ingredient02.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Machines\Mach02A.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Walls\Wall02.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vats\Vat01A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vats\Vat01B.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vats\Vat01C.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vents\Joints\JointCross01A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vents\Joints\JointStraight01A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vents\Vent01.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall01A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall01B.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall02A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall02B.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall03A.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall03B.mesh C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Channels\Channel06.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Channels\ChannelShadow.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Channels\InsChannel.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Floors\Floor01.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Pusher\Pusher.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Pusher\PusherBang.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Pusher\PusherWheel.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Shadows\Shadow01.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Shadows\Shadow02.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetA.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetC.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetC_S.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetG.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetG_S.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetH.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetP.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetP_S.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetPUs.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetR.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetR_S.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetS.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetS_S.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetShine.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Vat\MacLight01.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Vat\VatPipes01.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\InGame\PUDialog.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Instructions\InstBackdrop.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Instructions\SweetTypes.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Loading\LoadingBar.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Loading\LoadingScreen.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\MainMenu\MainMenuScreen.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Pointers\InGameHole.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Pointers\InGamePointer.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\global-hs-bb_large.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\global-hs-bb_small.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\hi.jpg C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\local-hs-bb.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\p1icon.png C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A01.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A02.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A03.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A04.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A05.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A06.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A07.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A08.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A09.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A10.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C01.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C02.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C03.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C04.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C05.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C06.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C07.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C08.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C09.lev C:\WINDOWS\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C10.lev C:\WINDOWS\Downloaded Program Fil |
located at the bottom of the page.
then click 