RootRepeal Exception Address: 0x004eca19 [Moved]


  • This topic is locked
12 replies to this topic

#1 novacanary

  • Members
  • 11 posts

Posted 24 September 2009 - 03:59 PM

Everything was going great until I hit a roadblock in trying to run RootRepeal. The program downloads but I get an Exception Address: 0x004eca19 and then it stops.

A couple of days ago my computer got hit by Windows PC Defender and now my searches get redirected. On the HiJack This log I have 100 of the files 01 Hosts 74.235.45.100 and 206.53.61.77. I ran Hijack this on 9/2/09 and these did not show up.

I ran Malwarebytes' Anti-Malware 1.41 on 9/23/09 and two registry keys showed infected - one by Adware.Gamevance (one of my grandkids downloaded Gamevance without my permission and I took it off) and the other Rogue.Installer. Both quarantined and deleted successfully (per the software).

Several weeks ago my cursor began jumping all over the screen and I tried some of the fixes suggested but nothing works. Have wireless mouse. I ran scans with AVG and Spybot and Adaware and the cleaning tools at Trend Micro and nothing came up except cookies. I do automatic Windows updates. The cursor problem began after I downloaded IE8.

Can you help me? Thanks

Margaret


#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,808 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 24 September 2009 - 06:58 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Do you have the same problem if you plug in a wired mouse?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,762 posts
  • Gender:Male
  • Location:NJ USA

Posted 24 September 2009 - 08:13 PM

Hello and welcome.
Please post that infected Malwarebytes log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Next run another rootkit scan:
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Now an Online scan
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
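Once %temp%\sarscan.log is open, its "Hidden: file" lines can be grouped by location to decide which entries to look at first. The following is an added example, not part of the original post and not Sophos tooling; the sample log lines, the bucket names and the review ordering are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the "Hidden: file <path>" layout of sarscan.log.
# The paths below are made up for this example.
SAMPLE_LOG = r"""Info: Starting disk scan of C: (NTFS).
Hidden: file C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe
Hidden: file C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\banner;sz=728x90;ord=1[1]
Hidden: file C:\Documents and Settings\user\Local Settings\Temp\example.tmp
Hidden: file C:\WINDOWS\system32\example.dll
Hidden: file C:\Program Files\Example App\uninst.exe
Hidden: file C:\Documents and Settings\user\Desktop\tool.exe
"""

HIDDEN_RE = re.compile(r"^Hidden:\s+file\s+(.+?)\s*$")

# Ordered (bucket, marker) pairs; the first marker found in the path wins.
# Paths are lower-cased and use "/" before matching.
BUCKETS = [
    ("restore_point", "/system volume information/_restore"),
    ("browser_cache", "/temporary internet files/"),
    ("temp", "/local settings/temp/"),
    ("system_dir", ":/windows/"),
    ("program_files", ":/program files/"),
    ("user_profile", ":/documents and settings/"),
]

# Assumption: inactive copies and cache/temp content are reviewed after
# executables sitting in live locations. This is an ordering, not a verdict.
REVIEW_LATER = {"restore_point", "browser_cache", "temp"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def parse_hidden(log_text):
    """Return the paths from every 'Hidden: file' line, in log order."""
    paths = []
    for line in log_text.splitlines():
        match = HIDDEN_RE.match(line)
        if match:
            paths.append(match.group(1))
    return paths


def classify(path):
    """Map a Windows path to one of the location buckets above."""
    normalized = path.lower().replace("\\", "/")
    for name, marker in BUCKETS:
        if marker in normalized:
            return name
    return "other"


def triage(log_text):
    """Group hidden-file paths by location bucket."""
    groups = defaultdict(list)
    for path in parse_hidden(log_text):
        groups[classify(path)].append(path)
    return dict(groups)


def review_first(log_text):
    """Executable-type files outside restore points, cache and temp."""
    return [
        path
        for path in parse_hidden(log_text)
        if classify(path) not in REVIEW_LATER
        and path.lower().endswith(EXEC_EXT)
    ]


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(paths)}")
    print("Review first:")
    for path in review_first(SAMPLE_LOG):
        print("  " + path)
```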

#4 novacanary

  • Topic Starter
  • Members
  • 11 posts

Posted 25 September 2009 - 11:02 AM

Thank you for guiding me to where I should be and for helping me with this problem. I have tried to read all the tutorials that would apply to my situation so as to post logs correctly.

To Orange Blossom - I only have wireless mouse. Will borrow a wired mouse today if I can and try it.

I am connected to FiberEdge internet through a Linksys Wireless-G Broadband Router if that makes any difference.

Attached are:

Malwarebyte logs from two scans done on 9/23/09
Malwarebyte log from 9/25/09
Sophos Anti-Rootkit log from 9/24/09

There is no Kaspersky Online Scanner log because the scan run this morning produced no log file.

Malwarebytes' Anti-Malware 1.41
Database version: 2847
Windows 5.1.2600 Service Pack 3

9/23/2009 1:39:55 AM
mbam-log-2009-09-23 (01-39-55).txt

Scan type: Quick Scan
Objects scanned: 110318
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Ran Malwarebytes again on 9/23/09.

Malwarebytes' Anti-Malware 1.41
Database version: 2847
Windows 5.1.2600 Service Pack 3

9/23/2009 1:48:41 AM
mbam-log-2009-09-23 (01-48-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 39211
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Ran Malwarebytes again today after running Sophos Anti-Rootkit and Kaspersky Online Scanner

Malwarebytes' Anti-Malware 1.41
Database version: 2847
Windows 5.1.2600 Service Pack 3

9/25/2009 10:01:08 AM
mbam-log-2009-09-25 (10-01-08).txt

Scan type: Full Scan (C:\|G:\|H:\|)
Objects scanned: 234143
Time elapsed: 37 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Sophos Anti-rootkit log

Sophos Anti-Rootkit Version 1.5.0 2009 Sophos Plc
Started logging on 9/24/2009 at 23:30:11 PM
User "Margaret Rouyea" on computer "VS782991"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\P7ULE76M\8443940%7C!category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-1%7Ctag-adj%7Cmtype-standard%7Csz-728x90;ord=577986276722822400[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\18E93VZ7\8443940%7C!category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-2%7Ctag-adj%7Cmtype-standard%7Csz-120x60;ord=268018119012424770[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\2R6W085V\443940%7C!category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-3%7Ctag-adj%7Cmtype-standard%7Csz-300x250;ord=607993555903664100[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\TNE5HHQ7\4117696%7C!category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-1%7Ctag-adj%7Cmtype-standard%7Csz-728x90;ord=772366635760620400[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\2R6W085V\117696%7C!category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-3%7Ctag-adj%7Cmtype-standard%7Csz-300x250;ord=281636606143711200[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\2R6W085V\9803941820!category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-1%7Ctag-adj%7Cmtype-standard%7Csz-728x90;ord=955103578112706200[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\P7ULE76M\803941820!category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-3%7Ctag-adj%7Cmtype-standard%7Csz-300x250;ord=215378423621403970[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\P7ULE76M\95734036350category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-1%7Ctag-adj%7Cmtype-standard%7Csz-728x90;ord=546650953242520600[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\2R6W085V\5734036350category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-3%7Ctag-adj%7Cmtype-standard%7Csz-300x250;ord=229331275669294000[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\2R6W085V\91560885500category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-1%7Ctag-adj%7Cmtype-standard%7Csz-728x90;ord=490078472517717050[1]
Hidden: file C:\Documents and Settings\Margaret Rouyea\Local Settings\Temporary Internet Files\Content.IE5\P7ULE76M\1560885500category-bra%7Cshow-bra%7Cga-brain-surge-brain-training%7CisGotw-true%7Ctile-3%7Ctag-adj%7Cmtype-standard%7Csz-300x250;ord=239943190845892860[1]
Hidden: file C:\WINDOWS\system32\dllcache\sprb0401.dll
Hidden: file C:\WINDOWS\system32\dllcache\sprb040D.dll
Hidden: file C:\Program Files\InstallShield Installation Information\{15FE4D77-D717-4632-8EA8-B6BB258CFC7D}\ISSetup.dll
Hidden: file C:\System Volume Information\_restore{9D4E1CFF-8138-497F-9012-3F1FB90B62BB}\RP1193\A0180554.exe
Hidden: file C:\Program Files\InstallShield Installation Information\{D14E3D40-2004-11D3-BFBF-00A0248F3321}\ISSetup.dll
Hidden: file C:\Program Files\Common Files\AnswerWorks 4.0\awTPort.dll
Hidden: file C:\Program Files\Common Files\AnswerWorks 4.0\LtSpynEn30.dll
Hidden: file C:\Documents and Settings\Margaret Rouyea\Desktop\dds.scr
Hidden: file C:\System Volume Information\_restore{9D4E1CFF-8138-497F-9012-3F1FB90B62BB}\RP1277\A0194237.exe
Hidden: file C:\WINDOWS\ServicePackFiles\i386\kperdpc.dll
Hidden: file C:\WINDOWS\ServicePackFiles\i386\msncli.exe
Hidden: file C:\WINDOWS\ServicePackFiles\i386\ipevldpc.dll
Hidden: file C:\WINDOWS\ServicePackFiles\i386\kprodpc.dll
Hidden: file C:\WINDOWS\ServicePackFiles\i386\ipseldpc.dll
Hidden: file C:\System Volume Information\_restore{9D4E1CFF-8138-497F-9012-3F1FB90B62BB}\RP1255\A0188476.exe
Hidden: file C:\System Volume Information\_restore{9D4E1CFF-8138-497F-9012-3F1FB90B62BB}\RP1272\A0190667.exe
Hidden: file C:\Program Files\Common Files\AnswerWorks 5.0\LtSpynEn30.dll
Hidden: file C:\Program Files\Common Files\AnswerWorks 5.0\VFisSDK25.dll
Hidden: file C:\WINDOWS\ServicePackFiles\i386\isdpc.dll
Hidden: file C:\WINDOWS\ServicePackFiles\i386\knperdpc.dll
Hidden: file C:\WINDOWS\ServicePackFiles\i386\knprodpc.dll
Hidden: file C:\WINDOWS\ServicePackFiles\i386\isendpc.dll
Hidden: file C:\WINDOWS\ServicePackFiles\i386\sprb040d.dll
Hidden: file C:\WINDOWS\ServicePackFiles\i386\sprb0401.dll
Hidden: file C:\WINDOWS\system32\mui\0401\xpsp2res.dll
Hidden: file C:\WINDOWS\system32\mui\040D\xpsp2res.dll
Hidden: file C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe
Hidden: file C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW-BI.exe
Hidden: file C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\ISSetup.dll
Hidden: file C:\Program Files\SEGA\Medieval II Total War\medieval2.exe
Hidden: file C:\Program Files\SEGA\Medieval II Total War\MFC71.dll
Stopped logging on 9/25/2009 at 0:15:36 AM


Sophos Anti-Rootkit Version 1.5.0 2009 Sophos Plc
Started logging on 9/25/2009 at 2:22:53 AM
User "Margaret Rouyea" on computer "VS782991"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Stopped logging on 9/25/2009 at 3:06:19 AM

Edited by novacanary, 25 September 2009 - 11:20 AM.


#5 novacanary

Posted 25 September 2009 - 11:22 AM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Do you have the same problem if you plug in a wired mouse?

Orange Blossom :thumbsup:



Only have wireless mouse - will try to borrow a wired mouse today and try that.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:32 AM

Posted 25 September 2009 - 11:28 AM

Looks pretty good. Is the mouse issue the only issue remaining?
You may also try reinstalling the mouse software.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 novacanary

Posted 25 September 2009 - 11:44 AM

Still getting redirected.

#8 boopme

Posted 25 September 2009 - 02:24 PM

Ok, we will run these next. I think this will do it.
Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post 2 logs and let us know how the PC is running now.

#9 novacanary

Posted 25 September 2009 - 03:16 PM

Oops, missed your last post. Sent request to HijackThis topic. What should I do now?

#10 novacanary

Posted 25 September 2009 - 03:17 PM

Should I delete the post to HijackThis?

#11 boopme

Posted 25 September 2009 - 03:21 PM

Run these first and see if it's fixed.
Then we'll do something with the HJT log.

#12 novacanary

Posted 26 September 2009 - 10:56 AM

Have tried. When I try to run my regular account in SafeMode the SAS program I get - Windows installer could not be accessed that it is installed incorrectly or will not run in SafeMode. If I try in SafeMode to do a run as Administrator I get "Will not run in SafeMode". I tried the guest account in SafeMode and get "will not run in SafeMode".

I printed your instructions and followed each step.

GooredFix by jpshortstuff (24.09.09.1)
Log created at 10:39 on 26/09/2009 (Margaret Rouyea)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:44 19/05/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:52 18/03/2009]

---------- Old Logs ----------
GooredFix[00.55.28_26-09-2009].txt

-=E.O.F=-

#13 boopme

Posted 26 September 2009 - 08:53 PM

Looks like we are better off with HJT now. You have several issues to be fixed. So I will close this with my normal reply.


Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.



