Spyware Infection



#1
td323i
  • Member
  • 43 posts
Hi All,
Working on another computer that's got some sort of spyware infection. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:42 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\BRENDA~1\MYDOCU~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Brenda Contreras\Application Data\fifpw.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070104
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070104
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\BRENDA~1\MYDOCU~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Adapter 5.1.3214] C:\Documents and Settings\Brenda Contreras\Application Data\fifpw.exe
O4 - HKCU\..\Run: [Zinaps7] "C:\Documents and Settings\Brenda Contreras\Application Data\Zinaps7\Zinaps7.exe" /MIN
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm869YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://dell.kodakgal..._2/axofupld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://brookseckerd....tupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9972 bytes


Thanks,
Td
#2
MichWasHere
  • Member
  • 424 posts
Hi TD :)

I'm in training right now, so I am posting under supervision; there may be a lag between my replies as they have to be checked before I say them to you. I have gone through your log and will be posting help for you shortly :)

If you have already resolved this problem or are receiving help elsewhere, please let us know so this topic can be closed :)

#3
td323i
  • Topic Starter
  • Member
  • 43 posts
Hi,
I'm still in need of assistance. Welcome aboard!! I'll be easy on ya!!

#4
MichWasHere
  • Member
  • 424 posts
Hello again, hopefully easy on me :)

Please print these directions or save them to a notepad file for later reference.

Reboot into safe mode
Restart your computer. As soon as it starts booting up, continuously tap F8. A menu should come up, white text on a black screen; select "Safe Mode" on the list and press Enter.

Please go to Start > Control Panel > Add/Remove Programs and remove the following:
- Zinaps Antispyware
- One Step Search
- Viewpoint Manager
- My Websearch

Please note any other programs that you don't recognize in that list in your next response.

Next, reboot your computer back into normal mode.

You need an Antivirus Program
AVG Antivirus is an antivirus program that is free for home users. Please go here to download and install the program. Once it's installed, please open the program, update it and scan your computer.

You need a better antispyware program
- Download and scan with SUPERAntiSpyware Free for Home Users
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the "Preferences" button.
- Click the "Scanning Control" tab.
- Under "Scanner Options" make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
- Click the "Close" button to leave the control centre screen.
- Back on the main screen, under "Scan for Harmful Software" click "Scan your computer".
- On the left, make sure you check "C:\Fixed Drive".
- On the right, under "Complete Scan", choose "Perform Complete Scan".
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that says "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click "Preferences", then click the "Statistics/Logs" tab.
  • Under Scanner Logs, double-click "SUPERAntiSpyware Scan Log".
  • If there are several logs, click the current dated log and press "View log". A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
- Click "Close" to exit the program.

Get DSS Logs
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When the scan has finished, two notepad files will open named main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in one reply and extra.txt in a separate reply.

Next Post Requirements
- Superantispyware Log
- 2nd post DSS Main.txt Log
- 3rd post DSS Extra.txt Log

#5
td323i
  • Topic Starter
  • Member
  • 43 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/10/2008 at 00:15 AM

Application Version : 4.15.1000

Core Rules Database Version : 3478
Trace Rules Database Version: 1469

Scan type : Complete Scan
Total Scan Time : 01:07:59

Memory items scanned : 539
Memory threats detected : 0
Registry items scanned : 6537
Registry threats detected : 0
File items scanned : 86919
File threats detected : 432

Adware.Tracking Cookie
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][3].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][3].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][3].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][6].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][3].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][7].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][4].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][4].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected]u[2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][7].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][3].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][4].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][9].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][6].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][8].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][5].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Cookies\[email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][3].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][1].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt
C:\Documents and Settings\Brenda Contreras\Local Settings\Temp\Cookies\brenda [email protected][2].txt

Malware.Installer-Pkg/Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Adware.OneStepSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0059835.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP190\A0061077.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP190\A0061079.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP190\A0061080.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP190\A0061081.EXE



#6
td323i

    Member

  • Topic Starter
  • 43 posts
Got cut off

Deckard's System Scanner v20071014.68
Run by Brenda Contreras on 2008-06-10 17:53:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-06-10 21:53:39 UTC - RP194 - Deckard's System Scanner Restore Point
37: 2008-06-10 03:03:28 UTC - RP193 - Installed SUPERAntiSpyware Free Edition
36: 2008-06-10 01:41:22 UTC - RP192 - Installed AVG Free 8.0
35: 2008-06-10 01:39:36 UTC - RP191 - Removed Norton Security Scan
34: 2008-06-05 23:07:02 UTC - RP190 - Removed SweetIM for Messenger 2.5


-- First Restore Point --
1: 2008-03-11 22:55:26 UTC - RP157 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Brenda Contreras.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:09 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\BRENDA~1\MYDOCU~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Brenda Contreras\Desktop\dss.exe
C:\HIJACK~1\Brenda Contreras.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070104
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070104
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\BRENDA~1\MYDOCU~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm869YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://dell.kodakgal..._2/axofupld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://brookseckerd....tupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9078 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 20:58:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-20 09:00:00 386 --a------ C:\WINDOWS\Tasks\rpc.job


-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-09 23:03:47 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 23:03:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 23:03:29 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\SUPERAntiSpyware.com
2008-06-09 23:03:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 21:44:24 0 d--h----- C:\$AVG8.VAULT$
2008-06-09 21:41:29 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-09 21:41:22 0 d-------- C:\Program Files\AVG
2008-06-09 21:41:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-05 19:11:14 0 d-------- C:\hijackthis
2008-06-04 18:00:54 0 d-------- C:\Documents and Settings\All Users\Application Data\NannyMania
2008-06-04 15:12:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-06-04 12:48:50 0 d-------- C:\Documents and Settings\Brenda Contreras\Saved Games
2008-06-03 12:32:43 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\MysteryStudio
2008-06-03 11:12:56 0 --ahs---- C:\Documents and Settings\Brenda Contreras\Application Data\0048455f61.dat
2008-06-02 22:29:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-06-02 20:30:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-06-02 16:49:40 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Zinaps7
2008-06-02 14:24:29 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Oberon Games
2008-05-22 11:45:23 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Move Networks
2008-05-19 19:00:42 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\My Games
2008-05-13 22:08:07 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Snapfish
2008-05-13 19:50:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SweetIM


-- Find3M Report ---------------------------------------------------------------

2008-06-09 23:03:11 0 d-------- C:\Program Files\Common Files
2008-06-09 22:27:24 0 d-------- C:\Program Files\DIGStream
2008-06-09 21:39:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-09 21:34:27 0 d-------- C:\Program Files\Yahoo!
2008-06-09 21:25:07 0 d-------- C:\Program Files\Viewpoint
2008-06-09 21:24:57 0 d-------- C:\Program Files\MSN Games
2008-06-09 21:19:20 0 d-------- C:\Program Files\MyWebSearch
2008-06-04 21:49:55 33 --a------ C:\Documents and Settings\Brenda Contreras\Application Data\install.ini
2008-06-04 11:34:13 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\PlayFirst
2008-06-03 11:20:16 0 d-------- C:\Program Files\Yahoo! Games
2008-06-03 11:17:02 0 d-------- C:\Program Files\RealArcade
2008-05-26 17:44:48 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Gamelab
2008-05-23 22:15:19 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Corel
2008-05-23 22:15:15 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-23 22:15:15 88 -r-hs---- C:\WINDOWS\system32\1D06CEE84A.sys
2008-05-23 21:22:36 0 d-------- C:\Program Files\LimeWire
2008-05-23 20:29:28 1536 --a------ C:\Documents and Settings\Brenda Contreras\Application Data\dvd.bmk
2008-05-09 19:44:11 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Sandlot Games
2008-05-02 21:48:17 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Total Eclipse
2008-05-02 21:48:17 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Adobe
2008-04-27 17:42:41 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Macromedia
2008-04-27 10:33:54 0 d-------- C:\Documents and Settings\Brenda Contreras\Application Data\Eyeblaster
2008-03-21 09:38:31 4096 --a------ C:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 03:01 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 04:12 AM]
"SigmatelSysTrayApp"="stsystra.exe" [08/15/2006 03:38 AM C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 06:41 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/17/2007 08:20 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 06:20 AM]
"SsAAD.exe"="C:\DOCUME~1\BRENDA~1\MYDOCU~1\SsAAD.exe" [01/24/2005 08:58 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/09/2008 09:41 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 10:57 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/05/2007 07:52 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/4/2007 10:28:15 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-10 17:56:30 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1022.42 MiB / 590.35 MiB
Pagefile Memory (total/avail): 2461.18 MiB / 2041.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.46 MiB

C: is Fixed (NTFS) - 69.79 GiB total, 49.54 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA3 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 69.79 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Brenda Contreras\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRENDA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brenda Contreras
LOGONSERVER=\\BRENDA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp
USERDOMAIN=BRENDA
USERNAME=Brenda Contreras
USERPROFILE=C:\Documents and Settings\Brenda Contreras
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Brenda Contreras (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Catalyst Control Center --> MsiExec.exe /I{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Carrie the Caregiver --> "C:\Program Files\MSN Games\Carrie the Caregiver\Uninstall.exe" "C:\Program Files\MSN Games\Carrie the Caregiver\install.log"
Cathys Caribbean Club --> "C:\Program Files\MSN Games\Cathys Caribbean Club\Uninstall.exe" "C:\Program Files\MSN Games\Cathys Caribbean Club\install.log"
Chocolatier --> "C:\Program Files\MSN Games\Chocolatier\Uninstall.exe" "C:\Program Files\MSN Games\Chocolatier\install.log"
Chocolatier 2 Secret Ingredients --> "C:\Program Files\MSN Games\Chocolatier 2 Secret Ingredients\Uninstall.exe" "C:\Program Files\MSN Games\Chocolatier 2 Secret Ingredients\install.log"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Consumer Complete Care Services Agreement --> MsiExec.exe /X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}
Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Cubis Gold 2 --> "C:\Program Files\MSN Games\Cubis Gold 2\Uninstall.exe" "C:\Program Files\MSN Games\Cubis Gold 2\install.log"
Cubis Gold 2 --> C:\PROGRA~1\YAHOO!~1\CUBISG~1\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\CUBISG~1\INSTALL.LOG
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Doggie Dash --> "C:\Program Files\MSN Games\Doggie Dash\Uninstall.exe" "C:\Program Files\MSN Games\Doggie Dash\install.log"
Dr Daisy Pet Vet --> "C:\Program Files\MSN Games\Dr Daisy Pet Vet\Uninstall.exe" "C:\Program Files\MSN Games\Dr Daisy Pet Vet\install.log"
Dream Day First Home --> "C:\Program Files\MSN Games\Dream Day First Home\Uninstall.exe" "C:\Program Files\MSN Games\Dream Day First Home\install.log"
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Fashion Craze --> "C:\Program Files\MSN Games\Fashion Craze\Uninstall.exe" "C:\Program Files\MSN Games\Fashion Craze\install.log"
Fashion Craze (remove only) --> "C:\Program Files\Yahoo! Games\Fashion Craze\Uninstall.exe"
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\hijackthis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}\setup.exe" -l0x9 -removeonly
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Brenda Contreras\Application Data\Move Networks\ie_bin\Uninst.exe
Nanny Mania --> "C:\Program Files\MSN Games\Nanny Mania\Uninstall.exe" "C:\Program Files\MSN Games\Nanny Mania\install.log"
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OLYMPUS CAMEDIA Master 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.2
OpenMG Limited Patch 4.1-05-13-31-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicStage 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 -->
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4924 / Warning
Event Submitted/Written: 06/09/2008 09:28:11 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type4917 / Error
Event Submitted/Written: 06/05/2008 07:19:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4909 / Error
Event Submitted/Written: 06/04/2008 09:58:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x02b222a0.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4903 / Error
Event Submitted/Written: 06/04/2008 08:51:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x02e522a0.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4902 / Error
Event Submitted/Written: 06/04/2008 06:57:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x02cb22a0.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type28128 / Warning
Event Submitted/Written: 06/10/2008 05:45:41 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00188B787540. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type28014 / Error
Event Submitted/Written: 06/09/2008 09:29:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type28011 / Error
Event Submitted/Written: 06/09/2008 09:28:11 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Event Record #/Type28010 / Error
Event Submitted/Written: 06/09/2008 09:27:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type28009 / Error
Event Submitted/Written: 06/09/2008 09:24:00 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AmdK8
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip



-- End of Deckard's System Scanner: finished at 2008-06-10 17:56:30 ------------

#7
td323i

Hi,
Any word on my issue?

#8
MichWasHere

Hi TD. Sorry for the wait :) I'm still waiting for my reply to be cleared to post for you.

#9
MichWasHere

Hi TD :) Looking good. Now for the leftovers.

Re-open HijackThis and scan. Check the boxes next to all the entries listed below:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm869YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Delete leftover folders
- open "My Computer"
- click "Tools" on the menu and select "Folder Options"
- click the "View" tab
- under "Hidden files and folders" click "Show hidden files and folders"
- make sure "Hide protected operating system files" is unchecked. A warning window will pop up; click "Yes"
- next click the "Apply" button
- click the "OK" button
- close the "My Computer" window

Next, using Windows Explorer (right click the Start button and select "Explore"), please delete these folders (if present):
C:\Documents and Settings\Brenda Contreras\Application Data\Zinaps7
C:\Documents and Settings\All Users\Application Data\SweetIM
C:\Program Files\Viewpoint
C:\Program Files\MyWebSearch


When you're finished, please post a new HijackThis log and let me know how your system is running :)

#10
td323i

Hi,
Thanks for the info. Seems to be running better.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:24 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\DOCUME~1\BRENDA~1\MYDOCU~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070104
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070104
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\BRENDA~1\MYDOCU~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://dell.kodakgal..._2/axofupld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://brookseckerd....tupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8711 bytes

#11
MichWasHere

Hi TD :)

All finished then. Just some last things to do and you're done.

Your Java is outdated
- Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
- Click on Continue.
- Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.

Reset your hidden/system files and folders
System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View tab.
- Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
- CHECK the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.

Reset and Re-enable your System Restore
This removes infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- Check Turn off System Restore.
- Click Apply, and then click OK.

2. Restart your computer

3. Turn ON System Restore
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- UN-Check Turn off System Restore.
- Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you do the following:
  • update and run a full scan weekly with AVG and SuperAntispyware now that you have them.
  • you should also have a good firewall. Here are 2 free ones available for personal use: Zone Alarm and Comodo. Please choose one to use, download and install it. Once it's installed you will start getting requests for programs and files to access the internet. Only allow programs that you recognize.
  • To keep your operating system up to date visit Microsoft Windows Update monthly.
  • To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
Have a safe and happy computing day! :)
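The log in post #10 still lists Java entries under `jre1.5.0_06` and a BHO marked `(no file)`. As an added example (not part of the thread and not the helper's own method), this Python script parses HijackThis entry lines and flags both conditions. The sample log is constructed from lines in the thread plus one invented `jre1.6.0_06` entry; the function names and the minimum-version tuple standing for JRE 6 Update 6 are assumptions.

```python
import re

# Constructed sample in HijackThis 2.0.2 log format: lines modelled on the
# thread's log, plus one invented jre1.6.0_06 entry for contrast.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# JRE install directories embed the version, e.g. \jre1.5.0_06\
JRE_DIR = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

def parse_entries(log_text):
    """Return (section_code, body) pairs, skipping header and process lines."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def jre_version(body):
    """Return the JRE version found in an entry's path as a tuple, or None."""
    match = JRE_DIR.search(body)
    if match is None:
        return None
    return tuple(int(part or 0) for part in match.groups())

def triage(log_text, minimum_jre=(1, 6, 0, 6)):
    """Flag entries whose file is missing or whose JRE path is older than
    minimum_jre (assumed here to be 1.6.0_06, i.e. JRE 6 Update 6)."""
    findings = []
    for code, body in parse_entries(log_text):
        if body.rstrip().endswith("(no file)"):
            findings.append((code, "missing-file", body))
        version = jre_version(body)
        if version is not None and version < minimum_jre:
            findings.append((code, "outdated-jre", body))
    return findings

if __name__ == "__main__":
    for code, kind, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{kind:<14}{body}")
```

A flag here is only a prompt for review: whether an entry should be fixed remains the analyst's call, as in the thread.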