Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IEhlpr [CLOSED]

Started by jennysweet2 , Jul 03 2008 02:48 AM

  • This topic is locked This topic is locked

#1
jennysweet2
Posted 03 July 2008 - 02:48 AM

jennysweet2

    Member

  • Member
  • PipPip
  • 12 posts
I need some help removing the spyware IEhlpr. This spyware makes Chinese characters on my address bar and I tried removing via the SBC antivirus, but the characters are still there.

Please help.

Thanks
Jnell
  • 0

Advertisements

#2
Thunderbird1988
Posted 04 July 2008 - 08:34 AM

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello Jnell,

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
jennysweet2
Posted 05 July 2008 - 07:53 PM

jennysweet2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
okay here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:18 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-3045924288-377846224-839989715-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: RgrwCNUQYyg - {08A1BFB2-A20B-1518-6C7A-A4044DE6E2AB} - C:\WINDOWS\System32\ha.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 6563 bytes
  • 0

#4
Thunderbird1988
Posted 06 July 2008 - 02:45 AM

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello jennysweet2,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Thunderbird1988
  • 0

#5
jennysweet2
Posted 06 July 2008 - 03:14 PM

jennysweet2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is main.txt and extra is below main.
Thanks for responding to me.

-Jnell

Deckard's System Scanner v20071014.68
Run by jenny on 2008-07-06 16:08:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
79: 2008-07-06 22:08:20 UTC - RP1065 - Deckard's System Scanner Restore Point
78: 2008-07-06 19:35:39 UTC - RP1064 - System Checkpoint
77: 2008-07-05 18:16:39 UTC - RP1063 - System Checkpoint
76: 2008-07-04 17:30:11 UTC - RP1062 - System Checkpoint
75: 2008-07-03 09:17:59 UTC - RP1061 - Removed Dual Mode Digital Camera 5.0M S


-- First Restore Point --
1: 2008-04-08 19:06:29 UTC - RP987 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as jenny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:11 PM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\jenny\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jenny.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-3045924288-377846224-839989715-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: RgrwCNUQYyg - {08A1BFB2-A20B-1518-6C7A-A4044DE6E2AB} - C:\WINDOWS\System32\ha.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 6398 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SSHDRV65 - c:\windows\system32\drivers\sshdrv65.sys
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>

S3 DCamUSBDXG014 (Dual Mode Video Camera) - c:\windows\system32\drivers\dxg014w2.sys (file missing)
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP


-- Scheduled Tasks -------------------------------------------------------------

2008-07-06 15:39:02 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-04 18:00:00 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2004-11-15 17:39:49 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job
2004-11-15 17:39:49 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-05 20:52:52 0 d-------- C:\Program Files\Trend Micro
2008-07-04 10:40:38 0 d---s---- C:\Documents and Settings\Guest\UserData
2008-07-04 10:18:38 0 dr-h----- C:\Documents and Settings\Guest\Application Data\yahoo!
2008-07-04 10:18:32 0 d-------- C:\Documents and Settings\Guest\Application Data\Windows Live Writer
2008-07-03 14:23:07 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2008-07-03 04:01:23 0 d-------- C:\Documents and Settings\jenny\Contacts
2008-07-03 03:22:29 0 d-------- C:\Program Files\Enigma Software Group
2008-07-03 01:53:52 0 d-------- C:\Documents and Settings\Guest\Application Data\FaxCtr
2008-07-03 01:52:38 0 dr------- C:\Documents and Settings\Guest\Favorites
2008-07-03 01:52:38 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-07-03 01:52:38 0 d---s---- C:\Documents and Settings\Guest\Cookies
2008-07-03 01:52:38 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-07-03 01:52:38 0 d-------- C:\Documents and Settings\Guest\Application Data\Symantec
2008-07-03 01:52:38 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2008-07-03 01:52:38 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-07-03 01:52:38 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-07-03 01:52:38 0 d-------- C:\Documents and Settings\Guest\Application Data\CyberLink
2008-07-03 01:52:37 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-07-03 01:52:37 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-07-03 01:52:37 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-07-03 01:52:37 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-07-03 01:52:37 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-07-03 01:52:37 1048576 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-07-03 01:52:37 0 d-------- C:\Documents and Settings\Guest\NetHood
2008-07-03 01:52:37 0 dr------- C:\Documents and Settings\Guest\My Documents
2008-07-03 01:52:37 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-06-19 14:40:54 0 d-------- C:\Documents and Settings\Doris Pennington\Application Data\AdobeUM
2008-06-19 14:40:25 0 d-------- C:\Documents and Settings\Doris Pennington\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-07-03 04:00:26 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-03 03:18:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 03:18:26 0 d-------- C:\Program Files\Common Files
2008-07-03 03:09:37 0 d-------- C:\Program Files\Lx_cats
2008-07-02 18:00:01 0 d-------- C:\Program Files\Norton Security Scan


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
02/06/2007 03:11 PM 78848 --a------ C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [01/10/2005 03:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RgrwCNUQYyg"= {08A1BFB2-A20B-1518-6C7A-A4044DE6E2AB} - C:\WINDOWS\System32\ha.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPDetect]
C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
"C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
"C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
"C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Start UP]
C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\eMachines Bay Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart




-- End of Deckard's System Scanner: finished at 2008-07-06 16:12:14 ------------

eckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 502.73 MiB / 259.31 MiB
Pagefile Memory (total/avail): 1226.82 MiB / 990.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.57 MiB

C: is Fixed (NTFS) - 186.31 GiB total, 154.94 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JD-22HBB0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.31 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Anti-Virus - SBC Yahoo! Online Protection v7.0.7.4 (Computer Associates)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"="C:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"="C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\Owner\\My Documents\\Downloaded games\\iWin Games\\iWinGames.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Downloaded games\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
"C:\\Documents and Settings\\Owner\\My Documents\\Downloaded games\\iWin Games\\WebUpdater.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Downloaded games\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
"C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jenny\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SORCERESS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jenny
LOGONSERVER=\\SORCERESS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jenny\LOCALS~1\Temp
TMP=C:\DOCUME~1\jenny\LOCALS~1\Temp
USERDOMAIN=SORCERESS
USERNAME=jenny
USERPROFILE=C:\Documents and Settings\jenny
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Doris Pennington (admin)
jenny (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
ABBYY FineReader 6.0 Sprint Plus --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Citrix Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Dream Chronicles --> C:\PROGRA~1\PLAYFI~1\DREAMC~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\DREAMC~1\INSTALL.LOG
eMachines Bay Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Fable - The Lost Chapters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
IDIS --> C:\WINDOWS\iun3403.exe C:\IDIS
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® Integrated Performance Primitives RTI 4.0 --> MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iWin Games (remove only) --> "C:\Program Files\iWin Games\Uninstall.exe"
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Jewel Quest (remove only) --> "C:\Program Files\iWin.com Games\Jewel Quest\Uninstall.exe"
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_53aa7cd0\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 2200 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBVUN5C.EXE -dLexmark 2200 Series
Lexmark 3300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\Uninst.exe
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech IM Video Companion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984F10FD-11FD-4BED-8163-92DB81E6A825}\Setup.exe" -l0x11 UNINSTALL
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Mahjong Quest (remove only) --> "C:\Program Files\iWin.com Games\Mahjong Quest\Uninstall.exe"
Mahjong Quest 2 (remove only) --> "C:\Program Files\iWin.com Games\Mahjong Quest 2\Uninstall.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo Premium 9 --> c:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Publisher 2000 SR-1 --> MsiExec.exe /I{00140409-78E1-11D2-B60F-006097C998E7}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Monopoly --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20FA8AEE-E785-4F79-98EB-2067A8F395F4}\setup.exe" -l0x9
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
MusicmatchR Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
mySkins Creator --> MsiExec.exe /I{6842E926-7BD8-402D-A601-0A0F61944148}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! Mr. Photo 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}\SETUP.EXE" -l0x9
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer 7 Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Sacred --> "C:\Program Files\Ascaron Entertainment\Sacred\unins000.exe"
SBC Yahoo! DSL Activation --> C:\PROGRA~1\Yahoo!\common\undsldlk.exe
Screensavers Installer --> "C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Smart Start UP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C9241DC-E141-4BB9-99F2-0BC54D81862F}\setup.exe" -l0x9
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Super Granny 4 (remove only) --> "C:\Program Files\Yahoo! Games\Super Granny 4\Uninstall.exe"
Syberia --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Syberia\Uninstall\setup.exe" -l0x9
The Great Tree (remove only) --> "C:\Program Files\iWin.com\The Great Tree\Uninstall.exe"
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
TrueSwitch Wizard SBC --> C:\Program Files\TrueSwitchSBC\TrueWizard.exe -uninstall
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\common\unypsr.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7672 / Success
Event Submitted/Written: 07/03/2008 04:41:41 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7663 / Success
Event Submitted/Written: 07/03/2008 04:04:43 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7658 / Warning
Event Submitted/Written: 07/03/2008 03:59:20 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7655 / Error
Event Submitted/Written: 07/03/2008 03:17:22 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 130080629.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type7654 / Error
Event Submitted/Written: 07/03/2008 03:16:52 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application qttask.exe, version 6.3.0.17, faulting module quicktime.qts, version 6.4.0.29, fault address 0x000e062c.
Processing media-specific event for [qttask.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17538 / Warning
Event Submitted/Written: 07/06/2008 10:48:19 AM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to power off SORCERESS failed

Event Record #/Type17537 / Warning
Event Submitted/Written: 07/05/2008 09:04:44 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type17536 / Warning
Event Submitted/Written: 07/05/2008 08:05:57 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type17524 / Warning
Event Submitted/Written: 07/04/2008 11:52:16 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type17454 / Error
Event Submitted/Written: 07/03/2008 03:59:24 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7A249601-B7D6-11D5-A9CE-0001032FEE17} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-07-06 16:12:14 ------------
  • 0

#6
Thunderbird1988
Posted 07 July 2008 - 12:42 PM

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O21 - SSODL: RgrwCNUQYyg - {08A1BFB2-A20B-1518-6C7A-A4044DE6E2AB} - C:\WINDOWS\System32\ha.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

iWin Games
Viewpoint Media Player

Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\iWin Games
C:\Program Files\Viewpoint

After that, Reboot.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please post also a new Hijackthislog.

Thunderbird1988
  • 0

#7
jennysweet2
Posted 08 July 2008 - 06:52 PM

jennysweet2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hello Thunderbird,

I finished the steps here is the Statistics log from SuperAntispyware, and the new hijack this log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/08/2008 at 06:49 PM

Application Version : 4.15.1000

Core Rules Database Version : 3499
Trace Rules Database Version: 1490

Scan type : Complete Scan
Total Scan Time : 01:33:47

Memory items scanned : 309
Memory threats detected : 0
Registry items scanned : 6061
Registry threats detected : 4
File items scanned : 127532
File threats detected : 357

Adware.MyWay
HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL

Adware.Tracking Cookie
C:\Documents and Settings\jenny\Cookies\jenny@hitbox[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@interclick[2].txt
C:\Documents and Settings\jenny\Cookies\jenny@burstnet[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@statcounter[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@kontera[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@specificclick[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@adserver[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@atdmt[2].txt
C:\Documents and Settings\jenny\Cookies\jenny@2o7[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@doubleclick[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@ad[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\jenny@highschoolelite[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@indextools[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@hotbar[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@zedo[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@realmedia[2].txt
C:\Documents and Settings\jenny\Cookies\jenny@revsci[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@questionmarket[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@adbrite[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@adknowledge[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@advertising[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\jenny@collective-media[2].txt
C:\Documents and Settings\jenny\Cookies\jenny@adinterax[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@mediaplex[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@adrevolver[3].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@apmebf[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@adlegend[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\jenny@cgi-bin[2].txt
C:\Documents and Settings\jenny\Cookies\jenny@media6degrees[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@serving-sys[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@fastclick[2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\jenny@casalemedia[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@insightexpressai[1].txt
C:\Documents and Settings\jenny\Cookies\jenny@atwola[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\jenny@trafficmp[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\jenny@tripod[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][2].txt
C:\Documents and Settings\jenny\Cookies\jenny@tribalfusion[2].txt
C:\Documents and Settings\jenny\Cookies\jenny@tacoda[1].txt
C:\Documents and Settings\jenny\Cookies\[email protected][1].txt
C:\Documents and Settings\jenny\Cookies\jenny@adrevolver[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@2o7[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@adbrite[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@adknowledge[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@adlegend[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@adrevolver[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@adrevolver[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@advertising[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@apmebf[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@atdmt[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@atwola[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@belnk[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@bfast[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@casalemedia[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@clickbank[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@crossmediaservices[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@doubleclick[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@fastclick[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@hitbox[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@insightexpressai[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@interclick[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@maxserving[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@mediaplex[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@overture[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@partner2profit[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@qksrv[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@questionmarket[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@realmedia[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@serving-sys[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@specificclick[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@statcounter[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@tacoda[2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@trafficmp[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@tribalfusion[1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][2].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris [email protected][1].txt
C:\Documents and Settings\Doris Pennington\Cookies\doris pennington@zedo[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@adinterax[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adlegend[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
C:\Documents and Settings\Guest\Cookies\guest@apmebf[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
C:\Documents and Settings\Guest\Cookies\guest@partner2profit[2].txt
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@serving-sys[2].txt
C:\Documents and Settings\Guest\Cookies\guest@specificclick[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@accounts[2].txt
C:\Documents and Settings\Owner\Cookies\owner@accounts[3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adinterax[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adlegend[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@bravenet[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@clickaider[1].txt
C:\Documents and Settings\Owner\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\Owner\Cookies\owner@consumergain[2].txt
C:\Documents and Settings\Owner\Cookies\owner@coolsavings[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@crosscountrytravcorps[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@dealtime[2].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@eyewonder[2].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@findarticles[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@hotlog[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@insightexpressai[2].txt
C:\Documents and Settings\Owner\Cookies\owner@insightfirst[1].txt
C:\Documents and Settings\Owner\Cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@kontera[2].txt
C:\Documents and Settings\Owner\Cookies\owner@kwsumedia[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@media6degrees[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@nextag[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@pexxx[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@roiservice[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@spylog[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@trafficregenerator[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tripod[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt

Adware.180solutions/Seekmo/Zango
C:\DOCUMENTS AND SETTINGS\JENNY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PK0ZTH0T\SETUP[1].EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP1065\A0055439.DLL
C:\WINDOWS\Prefetch\SETUP[1].EXE-023A345A.pf

Adware.IWinGames
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADED GAMES\IWIN GAMES\IWINGAMESHOOKIE.DLL
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20080708-170031-241.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP1066\A0055460.DLL

Adware.RX Toolbar
C:\PROGRAM FILES\YAHOO!\YPSR\QUARANTINE\PPQ432.TMP\RXTOOLBAR.EXE

Trace.Known Threat Sources
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CH6R8L67\bg[1].jpg
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\bg[1].gif
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\gateway_logging[1].htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\s1[1].jpg
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\win_xp_sp2_ie_6[1].swf
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\CA6VO9E7.htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CH6R8L67\d_2[1].css
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\CAENM501.htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\shopper_large[1].gif
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\CAAWJRA5.htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\background_6m[1].gif
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\minify4[2].js
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\btn[1].jpg
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\CAOPI74D.htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\button[1].js
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\CAO96ZOX.htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\twisted-humor-online.powered-by.zango[1]
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\btn[2].gif
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\s4[1].jpg
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\minify11[2].js
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CH6R8L67\g_img_a072ae7a[1].jpg
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\zango_logo[1].gif
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\init[1].js
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\button_box[1].gif
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\content.licenseacquisition[1].htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\title[1].js
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\button[1].gif
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CH6R8L67\ncp[1].css
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\ga672a174ff[1].js
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\ga672a174ff[2].js
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\minify5[1].js
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\CAMJKLAF.htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\desc[1].js
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\gateway_logging[1].htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CH6R8L67\index[4].htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CH6R8L67\trialpay_6m[1].htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CH6R8L67\layout[1].htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\s2[1].jpg
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\CT63OPYB\eulagateway[1].htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\template[1].css
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\color[1].css
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\0TQZOHQ3\CA6R49MF.htm
C:\Documents and Settings\jenny\Local Settings\Temporary Internet Files\Content.IE5\PK0ZTH0T\zango-logo4[1].jpg

Here is the Hijack this log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:58 PM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallSBC.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 6139 bytes
  • 0

#8
jennysweet2
Posted 08 July 2008 - 06:55 PM

jennysweet2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I am still seeing the characters in the address bar For example: C:\ doesn't look like that on my address bar it has some weird looking symbol next to it.

Thanks.
  • 0

#9
Thunderbird1988
Posted 09 July 2008 - 01:49 AM

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello Jnell,

Do you only get weird characters when you type in your address bar, or do you also get them when you type tex in other places. (for example notepad)
  • 0

#10
jennysweet2
Posted 09 July 2008 - 09:10 AM

jennysweet2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It only happens on the address bar. Well I haven't tried notepad yet. Like all of the "\" looks like some weird character. I notice that when I try and copy and paste whatever is on the address bar somewhere the "\" will appear normal.
  • 0

#11
Thunderbird1988
Posted 09 July 2008 - 01:20 PM

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello Jnell,

I am not sure if this problem is malware related or not, but to be sure, lets have a deeper look.

Before running a new scan let's clean out the temporary folders.




Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.




Note: You must be logged on to the system with an account that has Administrator privileges to run this program.




  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search section click on Yes
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • Reg - BotCheck

      File - Additional Folder Scans

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.

Use the Add Reply button and attach the file in your next post.

Thunderbird1988
  • 0

#12
Thunderbird1988
Posted 23 July 2008 - 02:53 AM

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP