
"your System Is Infected With Dangerous Virus..." Popup


  • This topic is locked
6 replies to this topic

#1 sbjohns

sbjohns

  • Members
  • 3 posts

Posted 08 June 2008 - 07:59 PM

Greetings,
I made the mistake of allowing an Active-X code to run in IE7. (Went brain-dead for a second.) Don't know what this popup is called but the full text is: "System error Your system is infected with dangerous virus! Note: Strongly recommend to install antispyware program to clean your system and avoid total crash of hour computer! Click OK to download the antispyware. (Recommended)" It pops up 3 times while IE7 is loading my home page. It pops up 2 out of 3 times when double-clicking on My Computer. When I double-click on My Docs, it does not. It shows up at other odd places.
When you search for anything in the Google search toolbar, the 2nd and 3rd entry are obviously supplied by the malware. 2) Error - your computer was infected etc etc. 3) You Tube - Porn - Watch now.
I have never clicked on OK or these bogus Google search results.
I have run Kaspersky 7.0 full system scan many times. No threats are ever detected.

A few general questions before I post the logs.
1. I have an attached USB drive for data. Do these things infect attached drives that are data only?
2. Why doesn't Kaspersky 7.0 ever find anything?
3. What causes System Restore not to work? What a disappointment! I went back as far as I could go. How do I make it work in the future?
4. I have turned on Kaspersky Proactive Defense and have blocked all suspicious activity; Internet Explorer finally runs without popups. However, Kaspersky "clunks" and stops each time the activity is stopped, five or six times for each window refresh. It takes forever to bring up the page but the popup doesn't pop up. It seems that wuaudit.exe in the Windows\System32 folder is changing a lot. And the program identified the following files as suspicious. I blocked each one of them:
wuaudt.exe, msvcr80.dll, apsaps.dll, MSOHEV.DLL, WindowsLiveLogin.dll, mdnsNSP.dll, shlxthd.dll, atl71.dll, pdfshell.dll, msvcr71.dll, OUTLLIB.DLL, tswsh.dll, SWSUPPORT.dll, msvcp80.dll, MSOXMLMF.DLL, vsfilter.dll, MatroskaSplitter.ax. I know I have probably blocked some useful actions. I know how to restore these blocks but need help in getting rid of the popup. But at least I can research and post here.

Not sure what's going on.
I would be very grateful for assistance in disinfecting my system. I really don't want to fdisk and reload everything.
Kindest Regards,
Stephen Johns

I have run DSS and Hijack This with the results following:

Deckard's System Scanner v20071014.68
Run by Stephen Johns on 2008-06-08 18:03:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
77: 2008-06-08 23:03:11 UTC - RP940 - Deckard's System Scanner Restore Point
76: 2008-06-08 06:36:09 UTC - RP939 - System Checkpoint
75: 2008-06-07 04:34:54 UTC - RP938 - System Checkpoint
74: 2008-06-06 02:17:59 UTC - RP937 - System Checkpoint
73: 2008-06-04 03:59:03 UTC - RP936 - System Checkpoint


-- First Restore Point --
1: 2008-03-12 01:25:28 UTC - RP864 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 6.88 GiB (less than 15%) free.


-- HijackThis (run as Stephen Johns.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:11 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\Stephen Johns\My Documents\Downloaded Program Files\HijackThis\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Stephen Johns.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/s/s.dll?spage=hb/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - C:\WINDOWS\apsaps.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11594 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>

S3 aeaudio - c:\windows\system32\drivers\aeaudio.sys (file missing)
S3 chimou2k (WHEEL MOUSE PS2 MOUSE Filter Driver) - c:\windows\system32\drivers\bcm8042p.sys <Not Verified; ; Win2k/XP mouse driver>
S3 IPFilter (Microsoft IntelliPoint Features driver) - c:\windows\system32\drivers\ipfilter.sys <Not Verified; Microsoft Corporation; Microsoft IntelliPoint>
S3 LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - c:\windows\system32\drivers\lhidflt2.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 WINIO - c:\windows\temp\winio.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-06 18:30:00 366 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D7K5CZ61-Stephen Johns).job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 13:50:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-08 13:50:24 0 d-------- C:\WINDOWS\LastGood
2008-06-08 12:31:22 0 d-------- C:\Program Files\Trend Micro
2008-05-21 22:33:05 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-21 22:33:05 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-21 22:32:21 56352 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-21 22:32:21 14744608 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-17 15:51:01 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-17 01:38:53 254464 --a------ C:\WINDOWS\apsaps.dll
2008-05-17 01:38:52 52 --a------ C:\smp.bat
2008-05-10 14:39:01 0 d-------- C:\temp
2008-05-10 14:37:44 528384 -----n--- C:\WINDOWS\system32\VZWDownManager.exe <Not Verified; Verizon; VZWDownManager Application>
2008-05-10 14:37:43 49152 -----n--- C:\WINDOWS\system32\VZWDLManager.dll <Not Verified; ; VZWDLManager Module>
2008-05-10 14:37:36 0 d-------- C:\Program Files\Verizon Wireless


-- Find3M Report ---------------------------------------------------------------

2008-06-07 23:55:04 0 d-------- C:\Documents and Settings\Stephen Johns\Application Data\AdobeUM
2008-06-01 01:07:24 26 --a------ C:\WINDOWS\popcinfo.dat
2008-05-29 21:02:08 1206 --a------ C:\Documents and Settings\Stephen Johns\Application Data\QuickZip45.ini
2008-05-28 21:15:17 0 d-------- C:\Program Files\SpywareBlaster
2008-05-21 22:32:21 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-28 22:44:58 0 d-------- C:\Program Files\LimeWire
2008-04-21 20:22:10 0 d-------- C:\Documents and Settings\Stephen Johns\Application Data\U3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}]
05/17/2008 01:38 AM 254464 --a------ C:\WINDOWS\apsaps.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe" [06/01/2003 03:00 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [09/26/2007 01:31 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [08/31/2007 02:13 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 02:01 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 12:25 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Stephen Johns\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stephen Johns^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=C:\Documents and Settings\Stephen Johns\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=C:\WINDOWS\pss\Screen Saver Control.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f90ab9f-2c13-11dc-ac87-001111e87fad}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5bd210e-f6ce-11dc-8611-001111e87fad}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NTEN\08NTC_Session_Materials.htm




-- End of Deckard's System Scanner: finished at 2008-06-08 18:08:32 ------------

Extra.txt posted below:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 510.07 MiB / 222.79 MiB
Pagefile Memory (total/avail): 1246.11 MiB / 918.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.43 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.98 GiB total, 6.9 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 189.92 GiB total, 108.88 GiB free.
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST380013AS - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 70.98 GiB - C:
\PARTITION2 - Unknown - 3.45 GiB

\\.\PHYSICALDRIVE2 - EPSON Stylus Storage USB Device

\\.\PHYSICALDRIVE1 - Maxtor 3200 USB Device - 189.92 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 189.92 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Phantom EFX\\OnlineCasino\\bin\\Prelauncher.exe"="C:\\Program Files\\Phantom EFX\\OnlineCasino\\bin\\Prelauncher.exe:*:Enabled:Prelauncher"
"C:\\Program Files\\Phantom EFX\\OnlineCasino\\Launcher\\OLCLauncher.exe"="C:\\Program Files\\Phantom EFX\\OnlineCasino\\Launcher\\OLCLauncher.exe:*:Enabled:OLCLauncher"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\KAV\\kis\\setup.exe"="C:\\KAV\\kis\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Stephen Johns\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STEPHEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Stephen Johns
LOGONSERVER=\\STEPHEN
MIGO_DRIVE=G
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;;C:\WINDOWS\system32\gs\gs8.13\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp
USERDOMAIN=STEPHEN
USERNAME=Stephen Johns
USERPROFILE=C:\Documents and Settings\Stephen Johns
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI


-- User Profiles ---------------------------------------------------------------

Stephen Johns (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0409
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
After Dark Games --> C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\After Dark Games\Uninst.isu"
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bejeweled 2 Deluxe 1.0 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
BitPim 0.9.10 --> "C:\Program Files\BitPim\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CAM UnZip 4.0 --> "C:\Program Files\CAM Development\CAM UnZip\Uninstall\unins000.exe"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Centipede --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Centipede\CentUnin.isu"
Chuzzle Deluxe 1.01 --> C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Chuzzle Deluxe\Install.log"
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 5.0.0 (630) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
Drop 2 --> C:\PROGRA~1\eGames\DROP2~1\UNWISE.EXE C:\PROGRA~1\eGames\DROP2~1\INSTALL.LOG
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Ease Audio Converter 4.10 --> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
EasyZip --> C:\PROGRA~1\EasyZip\\UNINST.EXE
eGames GameButler --> C:\PROGRA~1\eGames\GAMEBU~1\UNWISE.EXE C:\PROGRA~1\eGames\GAMEBU~1\INSTALL.LOG
eMusic Remote 1.0.0.2 --> C:\Program Files\eMusic Remote\uninst.exe
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B53B71D-9E2F-42B8-9123-96354872D166}\setup.exe" -l0x9 MyUninstall
EPSON PhotoStarter3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" -l0x9 uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON SP RX500 Reference Guide --> C:\Program Files\epson\guide\rx500_e\uninstall.exe
G15A922EN --> MsiExec.exe /X{77312684-D3DF-4E00-A583-813FF9FFB4FB}
Gadwin PrintScreen --> C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hoyle Board Games 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}\setup.exe" -l0x9
Hoyle Casino 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF8A6C5-2355-4295-ABAD-DD86BCF0FB95}\setup.exe" -l0x9 -removeonly
Hoyle Puzzle Games 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3EAB67E-9B37-4B74-AFE6-D418D5F6F3D4}\setup.exe" -l0x9
Hubble Images Screen Saver --> sstunst2.exe Hubble Images
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
Insaniquarium Deluxe 1.1 --> C:\Program Files\PopCap Games\Insaniquarium Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Insaniquarium Deluxe\Install.log"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Jasc Paint Shop Pro 9.01 - (9.0.1.1) --> C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~3\INSTALL.LOG
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.50 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Keynote Connector --> C:\WINDOWS\DOWNLO~1\CONNEC~1.EXE /Uninstall
Las Vegas 1 Screensaver --> C:\Program Files\Sharpresolution, LLC\Las Vegas 1\Uninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Luxor (remove only) --> "C:\Program Files\MumboJumbo\Luxor\uninstall.exe"
Luxor Amun Rising (remove only) --> "C:\Program Files\MumboJumbo\Luxor Amun Rising\uninstall.exe"
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MAGIX audio cleaning 3.0 --> C:\MAGIX\audiocleaning3\unwise.exe C:\MAGIX\audiocleaning3\INSTALL.LOG
Merlin AuctionMagic --> C:\PROGRA~1\PCTECH~1\AUCTIO~1\UNWISE.EXE C:\PROGRA~1\PCTECH~1\AUCTIO~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X --> MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X Service Pack 1 --> C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {A868297C-C0ED-4B97-8D88-B582D7F6EA04} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Pandora's Box --> "C:\Program Files\Microsoft Games\Pandora's Box\UNINSTAL.EXE" /runtemp /addremove
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Stephen Johns\Application Data\Move Networks\ie_bin\Uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials --> MsiExec.exe /X{29CBFC23-05A7-4286-93B8-BABE29BC1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
New York 1 Screensaver --> C:\Program Files\Sharpresolution, LLC\New York 1\Uninstall.exe
New York 2 Screensaver --> C:\Program Files\Sharpresolution, LLC\New York 2\Uninstall.exe
Noiseware Standard Edition --> MsiExec.exe /I{6897145C-B43D-415E-84F0-C273437104DA}
OLYMPUS CAMEDIA Master 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe" CAMEDIA Master 4.03
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
OpenOffice.org 2.0 --> MsiExec.exe /I{08D2F839-A9FD-4F5A-A529-D45FF6E238A3}
PDF2Word v1.6 --> "C:\Program Files\PDF2Word v1.6\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Quake 4™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1033
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
Quick Zip 4.60.010 --> "C:\Program Files\QuickZip4\unins000.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spider-Man 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2F7655DD-793E-40C6-B348-DE67C109F6FF}
Star Wars Battlefront II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x9 -removeonly
Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Tetris Elements (remove only) --> "C:\Program Files\Tetris\Tetris Elements\uninstall.exe"
TotalPDFConverter --> "C:\Program Files\Total PDF Converter\unins000.exe"
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax Home & Business 2007 --> C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Ultimate Pinball Extreme --> C:\WINDOWS\iun507.exe C:\Program Files\Ultimate Pinball Extreme\irunin.ini
V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type9910 / Warning
Event Submitted/Written: 05/25/2008 11:11:53 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type9909 / Warning
Event Submitted/Written: 05/25/2008 11:11:53 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro', component '{E46B662B-CC16-46AE-8536-DAC1B730A51E}' failed. The resource 'HKEY_CURRENT_USER\Software\Jasc\Paint Shop Pro 9\Installer\CacheFolder' does not exist.

Event Record #/Type9908 / Warning
Event Submitted/Written: 05/25/2008 11:11:53 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type9907 / Warning
Event Submitted/Written: 05/25/2008 11:11:53 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro', component '{E46B662B-CC16-46AE-8536-DAC1B730A51E}' failed. The resource 'HKEY_CURRENT_USER\Software\Jasc\Paint Shop Pro 9\Installer\CacheFolder' does not exist.

Event Record #/Type9906 / Warning
Event Submitted/Written: 05/25/2008 11:11:44 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8719 / Error
Event Submitted/Written: 06/08/2008 00:18:19 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1058

Event Record #/Type8714 / Error
Event Submitted/Written: 06/08/2008 00:18:09 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1058

Event Record #/Type8713 / Error
Event Submitted/Written: 06/08/2008 00:18:09 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%126

Event Record #/Type8692 / Error
Event Submitted/Written: 06/07/2008 06:11:46 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1058

Event Record #/Type8688 / Error
Event Submitted/Written: 06/07/2008 06:11:35 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-06-08 18:08:32 ------------


#2 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:27 AM

Posted 09 June 2008 - 06:47 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Please post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
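To see which installed entries the Java removal step in the reply above applies to, the Add/Remove Programs section of a DSS log can be filtered for Java runtimes older than JRE 6 Update 6. This is an added example, not part of the original posts and not DSS code; the function names and the (feature, maintenance, update) version tuple are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re

# Excerpt copied from the "Add/Remove Programs" section of the DSS log in
# this thread. Each line is "display name --> uninstall command"; some
# entries have an empty display name.
SAMPLE = r"""
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
"""

# MSI product code as it appears in the uninstall command.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Yield (name, command) for every 'name --> command' line."""
    for line in text.splitlines():
        name, sep, cmd = line.partition("-->")
        if sep:
            yield name.strip(), cmd.strip()


def java_version(name):
    """Return (feature, maintenance, update) for a Java runtime entry, else None.

    Handles the three naming styles seen in the log:
    '... 5.0 Update 10', '... 6 Update 5' and '... v1.4.2_03'.
    """
    if not re.match(r"(?:J2SE|Java\b)", name):
        return None
    old_style = re.search(r"v1\.(\d+)\.(\d+)_(\d+)", name)
    if old_style:
        return tuple(int(part) for part in old_style.groups())
    new_style = re.search(r"\b(\d+)(?:\.(\d+))? Update (\d+)", name)
    if new_style:
        return (int(new_style.group(1)),
                int(new_style.group(2) or 0),
                int(new_style.group(3)))
    return None


def outdated_java(text, target=(6, 0, 6)):
    """List Java runtimes older than `target` (default: JRE 6 Update 6).

    Returns (version, display name, product code or None), oldest first.
    """
    found = []
    for name, cmd in parse_entries(text):
        version = java_version(name)
        if version is None or version >= target:
            continue
        guid = GUID_RE.search(cmd)
        found.append((version, name, guid.group(0) if guid else None))
    return sorted(found, key=lambda entry: entry[0])


if __name__ == "__main__":
    for version, name, guid in outdated_java(SAMPLE):
        print(".".join(map(str, version)), "|", name, "|", guid)
```

Running the same filter over the follow-up log after the upgrade should return an empty list if every older runtime was removed.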

#3 sbjohns

  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:27 AM

Posted 09 June 2008 - 11:30 PM

Hi Sam,
Thanks a lot for the help!
I removed all those Java Runtime Environments. I installed JRE6u6.
I reran DSS. This time it didn't create an Extra.txt file.
I post the Main.txt file below.
Regards
Stephen


Deckard's System Scanner v20071014.68
Run by Stephen Johns on 2008-06-09 23:12:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 6.74 GiB (less than 15%) free.


-- HijackThis (run as Stephen Johns.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:25 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\Stephen Johns\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\STEPHE~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/s/s.dll?spage=hb/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - C:\WINDOWS\apsaps.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11501 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 22:51:59 0 d-------- C:\Program Files\Common Files\Java
2008-06-08 13:50:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-08 12:31:22 0 d-------- C:\Program Files\Trend Micro
2008-05-21 22:33:05 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-21 22:33:05 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-21 22:32:21 97312 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-21 22:32:21 15140640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-17 15:51:01 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-17 01:38:53 254464 --a------ C:\WINDOWS\apsaps.dll
2008-05-17 01:38:52 52 --a------ C:\smp.bat
2008-05-10 14:39:01 0 d-------- C:\temp
2008-05-10 14:37:44 528384 -----n--- C:\WINDOWS\system32\VZWDownManager.exe <Not Verified; Verizon; VZWDownManager Application>
2008-05-10 14:37:43 49152 -----n--- C:\WINDOWS\system32\VZWDLManager.dll <Not Verified; ; VZWDLManager Module>
2008-05-10 14:37:36 0 d-------- C:\Program Files\Verizon Wireless


-- Find3M Report ---------------------------------------------------------------

2008-06-09 22:53:26 0 d-------- C:\Program Files\Java
2008-06-09 22:51:59 0 d-------- C:\Program Files\Common Files
2008-06-07 23:55:04 0 d-------- C:\Documents and Settings\Stephen Johns\Application Data\AdobeUM
2008-06-01 01:07:24 26 --a------ C:\WINDOWS\popcinfo.dat
2008-05-29 21:02:08 1206 --a------ C:\Documents and Settings\Stephen Johns\Application Data\QuickZip45.ini
2008-05-28 21:15:17 0 d-------- C:\Program Files\SpywareBlaster
2008-05-21 22:32:21 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-28 22:44:58 0 d-------- C:\Program Files\LimeWire
2008-04-21 20:22:10 0 d-------- C:\Documents and Settings\Stephen Johns\Application Data\U3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}]
05/17/2008 01:38 AM 254464 --a------ C:\WINDOWS\apsaps.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe" [06/01/2003 03:00 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [09/26/2007 01:31 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [08/31/2007 02:13 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 02:01 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 12:25 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Stephen Johns\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stephen Johns^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=C:\Documents and Settings\Stephen Johns\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=C:\WINDOWS\pss\Screen Saver Control.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f90ab9f-2c13-11dc-ac87-001111e87fad}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5bd210e-f6ce-11dc-8611-001111e87fad}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NTEN\08NTC_Session_Materials.htm




-- End of Deckard's System Scanner: finished at 2008-06-09 23:13:47 ------------

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 10 June 2008 - 10:06 AM

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\apsaps.dll
    C:\smp.bat
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


=================



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Also post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
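Added example, not part of the thread and not how the helper or any tool named here works: a Python sketch of one triage heuristic, cross-referencing HijackThis O2 (BHO) entries against the DSS "Files created" list to surface recently dropped browser helper DLLs and files written alongside them. The sample lines are excerpted from the logs posted above; the function names and the 5-second window are assumptions.

```python
import re
from datetime import datetime, timedelta
from ntpath import dirname  # Windows path rules, so this runs on any OS

# Lines excerpted from the HijackThis and DSS logs posted in this thread.
HJT_LINES = r"""
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - C:\WINDOWS\apsaps.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
"""

CREATED_LINES = r"""
2008-05-21 22:33:05 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-17 15:51:01 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-17 01:38:53 254464 --a------ C:\WINDOWS\apsaps.dll
2008-05-17 01:38:52 52 --a------ C:\smp.bat
2008-05-10 14:37:44 528384 -----n--- C:\WINDOWS\system32\VZWDownManager.exe <Not Verified; Verizon; VZWDownManager Application>
"""

# "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$",
    re.M,
)
# "<date> <time> <size> <9 attribute chars> <path> [<signature note>]"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) +(?P<size>\d+) +(?P<attrs>\S{9}) +"
    r"(?P<path>.+?)(?: +<.*>)?$",
    re.M,
)


def parse_bhos(hjt_text):
    """Return name/clsid/path for every O2 (Browser Helper Object) line."""
    return [
        {k: v.strip() for k, v in m.groupdict().items()}
        for m in BHO_RE.finditer(hjt_text)
    ]


def parse_created(dss_text):
    """Return one record per line of the DSS 'Files created between' list."""
    rows = []
    for m in CREATED_RE.finditer(dss_text):
        rows.append({
            "when": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"].strip(),
        })
    return rows


def triage(hjt_text, dss_text, window=timedelta(seconds=5)):
    """Flag BHOs whose DLL was created inside the DSS report window.

    For each hit, also list other files (not directories) created within
    `window` of the DLL, since droppers tend to write their files together.
    The window length is an assumption, not something the logs define.
    """
    created = parse_created(dss_text)
    by_path = {row["path"].lower(): row for row in created}
    findings = []
    for bho in parse_bhos(hjt_text):
        row = by_path.get(bho["path"].lower())
        if row is None:
            continue  # DLL is older than the report window; not flagged here
        siblings = [
            r["path"] for r in created
            if r is not row and not r["is_dir"]
            and abs(r["when"] - row["when"]) <= window
        ]
        findings.append({
            "bho": bho["name"],
            "clsid": bho["clsid"],
            "dll": bho["path"],
            "created": row["when"],
            # Vendor BHOs normally live under Program Files or system32.
            "in_windows_root": dirname(bho["path"]).lower() == r"c:\windows",
            "dropped_with": siblings,
        })
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LINES, CREATED_LINES):
        print(f["bho"], f["clsid"], f["dll"], f["created"], f["dropped_with"])
```

A hit from this heuristic is a lead for review, not a verdict: a legitimately installed toolbar would also show up if it was installed inside the report window.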

#5 sbjohns

sbjohns
  • Topic Starter


Posted 11 June 2008 - 06:45 PM

Hi Sam,
I think this has done it! Things look normal now. Haven't seen hide nor hair of the Trojan.FakeAlert-Pinch/W malware. I will post the requested reports below. A couple of questions?
1. Why didn't Kaspersky find this bad boy? I have been in touch with them for several weeks and I am not impressed. Should I continue to use Kaspersky (I like the spam, firewall and it works well in real time on emails, downloads)? And maybe scan with SuperAntiSpyware occasionally?
2. How about Firefox? Would you recommend using it? I know it is getting increasing attention from the bad guys.
3. What did OTMoveIt do?
4. Any other safety techniques you could recommend? I had a chance to stop this thing from downloading and I wasn't vigilant enough. I will be in the future.
OK, I will post the OTMoveIt2 report, the SuperAntiSpyware Scan Log and the DSS log.
Thanks so much. You, sir, are brilliant! :thumbsup:

C:\WINDOWS\apsaps.dll unregistered successfully.
C:\WINDOWS\apsaps.dll moved successfully.
C:\smp.bat moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06102008_185403

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/10/2008 at 11:56 PM

Application Version : 4.15.1000

Core Rules Database Version : 3479
Trace Rules Database Version: 1470

Scan type : Complete Scan
Total Scan Time : 03:11:51

Memory items scanned : 352
Memory threats detected : 0
Registry items scanned : 8059
Registry threats detected : 6
File items scanned : 205339
File threats detected : 353

Trojan.FakeAlert-Pinch/W
HKLM\Software\Classes\CLSID\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}
HKCR\CLSID\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}
HKCR\CLSID\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}#AppID
HKCR\CLSID\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}#LocalizedString
HKCR\CLSID\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}\Implemented Categories
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP915\A0094298.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP916\A0094313.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP917\A0094329.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP918\A0094343.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP919\A0094359.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP920\A0094374.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP921\A0094388.DLL
C:\_OTMOVEIT\MOVEDFILES\06102008_185403\WINDOWS\APSAPS.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wclocldzedp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wcmiqmazkfq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wdk4coaziep.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wdkogmdjclq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wdkygkajkhq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wdlismczeeo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wdlyqjdzseo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfk4umdjmao.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfk4whdjmbo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfk4widzebp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkiahcpmfq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkicoazilo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkigocpwfq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkiohcjsbp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkisldpogq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkiukcjkaq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkiwjc5geo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkoajc5ado.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkoehcjogp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkoehcjwbo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkoggdpmlp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkokocjklo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkoohajsko.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkospajseo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkougczcgo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkowgdpebo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkyanczkbp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkycodjgho.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkyomaziko.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfkysmdpefp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfl4amc5mfq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfl4ehazehp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfl4qpcjmbp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wflisodzebq.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wflisodzebq.stats.esomniture[3].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wflockcjseo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfloehdjado.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfloopczwkq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfmiagczsgo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfmicjd5wko.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfmiklcjcko.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfmiopc5afo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfmiqiazgaq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfmislajsep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wfmyoiczwko.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wgkiqhd5kfp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wgkoakc5oeo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wgkoqmazebo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wgkoqmdpslp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wgkygjazgao.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wglicodjgaq.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wglyulczsao.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wgmigndpado.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wgmyejcpibq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wgmyuoazaep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6whk4ciajedp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6whkyajcziap.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6whkyamd5wlo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6whkyomdzigq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6whliwmd5aap.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4apd5akq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4apd5akq.stats.esomniture[3].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4gkczofp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4oocjwhp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4qoczgfq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4sgdjmbq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4ugcpkho.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4ujc5cep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4ukajoep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjk4wjazigo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkoagdjmao.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkocgdziaq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkoghc5wfo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkogiczaco.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkogidzmgp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkogjdjalp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkogmczalp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkoklc5akp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkospdpgep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkouid5scp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkowhcpmbp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyahcjkdo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyahcjkdo.stats.esomniture[3].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyahd5skp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyaiczgbo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyajajohq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyaod5iho.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkycodjglo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyegcpmbp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyehazkbo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyekajsep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyggdpoeq.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkygkcpifo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkykiazmlo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyolcpsap.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyomdjghq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyshdzcao.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyugajsho.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyuhcpgep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyulcpieo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkyunajwkp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjkywkdjodo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjl4agcpolp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjl4ckazsbo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjl4ckazsbo.stats.esomniture[3].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjl4ejczshp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjl4kpczcho.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjl4opczgep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjl4sodpmhp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlialdjgfo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlicgazecp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjliciazshq.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjliomczefo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjliqgcjkeo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjliqkajwho.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjliwndpwbp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlochcpaep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjloeid5ofo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjloeid5ofo.stats.esomniture[3].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjloenajogq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlouhdjsdq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlouicpmkp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjloujd5wdp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlowkd5cko.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlowmazgep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlygnc5wgp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlykmd5cdp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlyknajecp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlyomd5mhq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlyoocpgbp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjlywkdpiho.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjmiaid5whq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjmiakcpcgp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjmiolcpafo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjmycgazclp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjmyckcjgap.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjmyghd5okp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjmyujcjsbp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjmywgazoep.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1gcjok.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1gcjwa.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1gczwf.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1iajwf.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1jdped.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1jdzsb.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1kazae.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1ldpia.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1majkh.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1mazag.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1md5ae.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1md5ee.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1oajgf.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1pajcg.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1pajcg.stats.esomniture[3].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1pcpka.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjny-1sajsl.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyagd5gfp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyahdjoeq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnychajkfo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnychcpafo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnychcpafq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnychczkdo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnychdjsdp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnychdjslp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnycjcjogo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyckc5meq.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnycmdpmdq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnycnc5ego.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyegdzshq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyeiczmao.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyejdzclo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyepajodp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyggcpwfo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnygkc5gdp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnygkcjwap.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnygkdpobp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnygpc5wbq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyogc5iao.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyogcpahp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyogcpsho.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyojdjafp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyokcjifo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyokczklp.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyokdzclo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyokdzclo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyold5sco.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyomdjaeo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyondpwho.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyoocpiep.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyopcjefo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyopd5cgp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyopdjcgq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyqgc5cbp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyqjcjgdo.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyqkajmhq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyqnc5egp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyqncpako.stats.esomniture[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyqndzado.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyqpdpiap.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyshazalo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyslazebo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnysocjggo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyspdpmeo.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyspdpmeo.stats.esomniture[3].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyukczmlq.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnyuncjaep.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@e-2dj6wjnywjajgfp.stats.esomniture[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@edge.ru4[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@findarticles[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@iad.liveperson[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@insightexpressai[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@iwillbleepthispussy[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@keywordmax[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@mediaplex[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@paypal.112.2o7[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@paypal.112.2o7[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@precisionclick[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@redorbit[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@richmedia.yahoo[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@sales.liveperson[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@sales.liveperson[4].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@server.iad.liveperson[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@server.iad.liveperson[3].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@server.iad.liveperson[4].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@server.iad.liveperson[6].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@tacoda[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@track.bestbuy[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@traffic.buyservices[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@www.accountonline[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@www.accountonline[3].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@www.googleadservices[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@www.googleadservices[2].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@www.googleadservices[4].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@xiti[1].txt
C:\Documents and Settings\Stephen Johns\Cookies\stephen_johns@xiti[2].txt

Deckard's System Scanner v20071014.68
Run by Stephen Johns on 2008-06-11 18:07:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 6.47 GiB (less than 15%) free.


-- HijackThis (run as Stephen Johns.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:35 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\Stephen Johns\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\STEPHE~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/s/s.dll?spage=hb/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11549 bytes

-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-10 19:06:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-10 19:05:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-10 19:05:23 0 d-------- C:\Documents and Settings\Stephen Johns\Application Data\SUPERAntiSpyware.com
2008-06-09 22:51:59 0 d-------- C:\Program Files\Common Files\Java
2008-06-08 13:50:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-08 12:31:22 0 d-------- C:\Program Files\Trend Micro
2008-05-21 22:33:05 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-21 22:33:05 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-21 22:32:21 108832 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-21 22:32:21 15362848 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-17 15:51:01 0 d-------- C:\WINDOWS\BDOSCAN8


-- Find3M Report ---------------------------------------------------------------

2008-06-10 19:00:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 22:53:26 0 d-------- C:\Program Files\Java
2008-06-09 22:51:59 0 d-------- C:\Program Files\Common Files
2008-06-07 23:55:04 0 d-------- C:\Documents and Settings\Stephen Johns\Application Data\AdobeUM
2008-06-01 01:07:24 26 --a------ C:\WINDOWS\popcinfo.dat
2008-05-29 21:02:08 1206 --a------ C:\Documents and Settings\Stephen Johns\Application Data\QuickZip45.ini
2008-05-28 21:15:17 0 d-------- C:\Program Files\SpywareBlaster
2008-05-21 22:32:21 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-10 14:37:36 0 d-------- C:\Program Files\Verizon Wireless
2008-04-28 22:44:58 0 d-------- C:\Program Files\LimeWire
2008-04-21 20:22:10 0 d-------- C:\Documents and Settings\Stephen Johns\Application Data\U3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe" [06/01/2003 03:00 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [09/26/2007 01:31 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [08/31/2007 02:13 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 02:01 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 12:25 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Stephen Johns\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stephen Johns^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=C:\Documents and Settings\Stephen Johns\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=C:\WINDOWS\pss\Screen Saver Control.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f90ab9f-2c13-11dc-ac87-001111e87fad}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5bd210e-f6ce-11dc-8611-001111e87fad}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NTEN\08NTC_Session_Materials.htm




-- End of Deckard's System Scanner: finished at 2008-06-11 18:08:43 ------------

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 12 June 2008 - 02:44 PM

First off, your log is clean!

Now to answer your questions.

1. Why didn't Kaspersky find this bad boy? I have been in touch with them for several weeks and I am not impressed. Should I continue to use Kaspersky (I like the spam, firewall and it works well in real time on emails, downloads)? And maybe scan with SuperAntiSpyware occasionally?

Kaspersky is a very good antivirus program. But the infection that you have is more of an adware trojan. And there are new variants released almost daily. You just can't rely solely on your antivirus program to keep you out of trouble. I definitely recommend scanning with Superantispyware on a regular basis, as well as at least one other antispyware program. Layer in that protection and keep everything updated often.

2. How about Firefox? Would you recommend using it? I know it is getting increasing attention from the bad guys.

By default Firefox is far more secure than IE. It's not bulletproof, but I definitely recommend it over IE.

3. What did OTMoveIt do?

It quarantined those bad files.

4. Any other safety techniques you could recommend? I had a chance to stop this thing from downloading and I wasn't vigilant enough. I will be in the future.

Yep, keep reading!


First we'll do a little housekeeping.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Reenable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:)
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
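The Internet zone settings listed in the post above are stored as DWORD values under the per-user `Zones\3` registry key. The following added example (not part of the original post) audits a `reg export` of that key against the values the post recommends; the action IDs and the 0/1/3 value codes are taken from Microsoft's URL action documentation rather than from this thread, and the sample export is constructed.

```python
import re

# Per-user settings for the Internet zone (zone 3). Registry paths are
# case-insensitive, so comparisons below are done in lower case.
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
            r"\CurrentVersion\Internet Settings\Zones\3")

# Registry value name (URL action ID) -> (setting name used in the post,
# value the post recommends). These IDs are an assumption drawn from
# Microsoft's documentation; the thread itself only names the settings.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1607": ("Navigate sub-frames across different domains", 1),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
}
ACTION_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample, in the text format written by `reg export`.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000003
"CurrentLevel"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
'''

VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text):
    """Return {lower-cased key path: {value name: int}} for DWORD values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            match = VALUE_RE.match(line)
            if match:
                current[match.group(1)] = int(match.group(2), 16)
    return keys


def audit_internet_zone(text):
    """List (id, name, current, wanted) for settings weaker than recommended.

    For these actions 0 < 1 < 3 is also the order of strictness, so a value
    at or above the recommendation passes. A value missing from the export
    is reported with current=None because it cannot be confirmed.
    """
    zone = parse_reg_export(text).get(ZONE_KEY.lower(), {})
    findings = []
    for action_id in sorted(RECOMMENDED):
        name, wanted = RECOMMENDED[action_id]
        current = zone.get(action_id)
        if current not in ACTION_NAMES or current < wanted:
            findings.append((action_id, name, current, wanted))
    return findings


def describe(value):
    if value is None:
        return "not present in export"
    return ACTION_NAMES.get(value, "unknown value 0x%X" % value)


if __name__ == "__main__":
    for action_id, name, current, wanted in audit_internet_zone(SAMPLE_EXPORT):
        print("%s %s: %s (recommended: %s)"
              % (action_id, name, describe(current), ACTION_NAMES[wanted]))
```
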

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 23 June 2008 - 04:04 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



