
Solved Super Slow Boot, plus ad windows everywhere! - DSS main log

Discussion in 'Malware and Virus Removal Archive' started by schin, 2008/02/06.

  1. 2008/02/06
    schin

    [Resolved] Super Slow Boot, plus ad windows everywhere! - DSS main log

    Hi,

    Over the past 2 days, I've witnessed my computer slow to a crawl in Normal mode and Safe mode. Plus, even though I use Firefox I get IE ad windows if I ever surf. I've since unplugged my computer. My Norton Firewall blocks certain packages coming from my computer.

    I've noticed the following files:

    17PHolmes10006.exe (once when I shutdown - error closing)
    c:\Windows\tk.exe (from Adaware scan - removed supposedly, but doesn't improve performance)

    I'm a newbie and scared I'll lose my whole HD. I've run HijackThis - log as follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:56:08 AM, on 2/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\lxamsp32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Drmupgds\Drmupgds.exe
    C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\svchost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnyes.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [4c86c91b] rundll32.exe "C:\WINDOWS\system32\cyjtuvys.dll ",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [hip2p] C:\Program Files\hip2p\hip2p.exe min
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-68e4741c1554c772.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9361 bytes
     
  2. 2008/02/06
    schin

    This is my DSS main.txt -- Please help!



    Deckard's System Scanner v20071014.68
    Run by Helen Chiu on 2008-02-06 00:56:45
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    56: 2008-02-06 05:56:56 UTC - RP829 - Deckard's System Scanner Restore Point
    55: 2008-02-05 06:31:05 UTC - RP828 - Last known good configuration
    54: 2008-02-05 06:30:53 UTC - RP827 - System Checkpoint
    53: 2008-02-05 06:30:53 UTC - RP826 - System Checkpoint
    52: 2008-02-05 06:30:53 UTC - RP825 - System Checkpoint


    -- First Restore Point --
    1: 2008-02-05 06:30:39 UTC - RP774 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).
    System Drive C: has 9.26 GiB (less than 15%) free.


    -- HijackThis (run as Helen Chiu.exe) ------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:25 AM, on 2/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\lxamsp32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Drmupgds\Drmupgds.exe
    C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Helen Chiu\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Helen Chiu.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnyes.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O2 - BHO: 0 - {062479A8-C6C3-4A5E-9D8E-E5F2D9E02CAB} - C:\Program Files\Common Files\qucav.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: {7d27df1d-7dc9-ecab-dd24-f9a0b95663a2} - {2a36659b-0a9f-42dd-bace-9cd7d1fd72d7} - C:\WINDOWS\system32\pfnvdsdd.dll
    O2 - BHO: (no name) - {39EBC0A3-0793-4B15-AAF2-0CDA23BB2D3E} - C:\Program Files\Windows NT\meqocahot4444.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {78E5CBB5-A5C2-4FCF-8E72-54273C3AA186} - C:\WINDOWS\system32\jkhfc.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {96e54d11-3a80-40b1-b98f-35619fe2faaa} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wslezvlu.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\opnopqq.dll
    O2 - BHO: (no name) - {FC2C0946-1082-40F3-88CB-080546426B2F} - C:\Program Files\Windows NT\meqocahot83122.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [4c86c91b] rundll32.exe "C:\WINDOWS\system32\cyjtuvys.dll ",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [hip2p] C:\Program Files\hip2p\hip2p.exe min
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-68e4741c1554c772.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O20 - Winlogon Notify: cmsCFG - cmsCFG.dll (file missing)
    O20 - Winlogon Notify: opnopqq - C:\WINDOWS\SYSTEM32\opnopqq.dll
    O20 - Winlogon Notify: wslezvlu - C:\WINDOWS\SYSTEM32\wslezvlu.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 11200 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
    .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 FLPYDISKK - c:\windows\system32\drivers\flpydiskk.sys
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: D-Link AirPlus Xtreme G DWL-G132 Wireless USB Adapter(rev.A)
    Device ID: USB\VID_2001&PID_3A02\1.0
    Manufacturer: D-Link
    Name: D-Link AirPlus Xtreme G DWL-G132 Wireless USB Adapter(rev.A)
    PNP Device ID: USB\VID_2001&PID_3A02\1.0
    Service: A5AGU


    -- Scheduled Tasks -------------------------------------------------------------

    2008-02-06 00:58:15 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
    2008-02-04 20:42:41 632 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Helen Chiu.job
    2008-02-01 17:15:00 400 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
    2008-01-22 13:19:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-01-06 and 2008-02-06 -----------------------------

    2008-02-05 22:43:24 0 d-------- C:\Program Files\Trend Micro
    2008-02-05 01:33:28 88128 --a------ C:\WINDOWS\system32\cyjtuvys.dll
    2008-02-05 01:31:55 163904 --a------ C:\WINDOWS\system32\wslezvlu.dll
    2008-02-05 01:31:52 163904 --a------ C:\WINDOWS\system32\vhosgnsk.dll
    2008-02-05 01:31:46 93248 --a------ C:\WINDOWS\system32\pfnvdsdd.dll
    2008-02-05 01:30:28 365559 --ahs---- C:\WINDOWS\system32\cfhkj.ini2
    2008-02-05 01:30:21 328704 --a------ C:\WINDOWS\system32\jkhfc.dll
    2008-02-05 01:26:38 0 d-------- C:\Program Files\Drmupgds
    2008-02-05 01:26:37 0 d-------- C:\Program Files\Temporary
    2008-02-05 00:54:55 169147 --a------ C:\WINDOWS\TTC-4444.exe
    2008-02-05 00:54:45 36864 --a------ C:\WINDOWS\17PHolmes1000106.exe
    2008-02-05 00:54:11 86016 --a------ C:\WINDOWS\system32\drivers\FLPYDISKK.sys
    2008-02-05 00:54:10 0 d-------- C:\WINDOWS\system32\z6
    2008-02-05 00:54:10 0 d-------- C:\WINDOWS\system32\v9
    2008-02-05 00:54:10 0 d-------- C:\WINDOWS\system32\s5
    2008-02-05 00:54:10 0 d-------- C:\WINDOWS\system32\b3
    2008-02-05 00:54:09 0 d-------- C:\WINDOWS\system32\p4
    2008-02-05 00:53:51 36864 --a------ C:\WINDOWS\mrofinu572.exe
    2008-02-05 00:53:35 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
    2008-02-05 00:53:32 0 d-------- C:\WINDOWS\system32\nGpxx01
    2008-02-05 00:53:20 40960 --a------ C:\WINDOWS\system32\opnopqq.dll
    2008-02-04 11:13:36 54272 --a------ C:\WINDOWS\b122.exe
    2008-01-15 16:52:24 140800 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe


    -- Find3M Report ---------------------------------------------------------------

    2008-02-05 01:28:21 0 d-------- C:\Program Files\Common Files
    2008-02-05 01:27:59 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-05 01:26:37 0 d-------- C:\Program Files\Windows NT
    2008-02-01 18:51:16 0 d-------- C:\Documents and Settings\Helen Chiu\Application Data\uTorrent
    2008-01-30 23:41:43 0 d-------- C:\Program Files\Net2Phone CommCenter
    2008-01-23 14:44:09 0 d-------- C:\Documents and Settings\Helen Chiu\Application Data\Intuit
    2008-01-02 00:51:12 0 d-------- C:\Program Files\Sportsbook Poker
    2007-12-25 21:44:28 0 d-------- C:\Program Files\WON
    2007-12-25 21:41:08 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-25 21:40:59 0 d-------- C:\Program Files\MasterCook 8
    2007-12-25 21:36:59 0 d-------- C:\Documents and Settings\Helen Chiu\Application Data\Adobe
    2007-12-14 02:39:04 0 d-------- C:\Documents and Settings\Helen Chiu\Application Data\Skype
    2007-12-10 22:07:11 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
    2007-12-10 21:52:23 0 d-------- C:\Program Files\TurboTax


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{062479A8-C6C3-4A5E-9D8E-E5F2D9E02CAB}]
    C:\Program Files\Common Files\qucav.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2a36659b-0a9f-42dd-bace-9cd7d1fd72d7}]
    02/05/2008 01:31 AM 93248 --a------ C:\WINDOWS\system32\pfnvdsdd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39EBC0A3-0793-4B15-AAF2-0CDA23BB2D3E}]
    08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Windows NT\meqocahot4444.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78E5CBB5-A5C2-4FCF-8E72-54273C3AA186}]
    02/05/2008 01:30 AM 328704 --a------ C:\WINDOWS\system32\jkhfc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96e54d11-3a80-40b1-b98f-35619fe2faaa}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    02/05/2008 01:31 AM 163904 --a------ C:\WINDOWS\system32\wslezvlu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
    02/05/2008 12:53 AM 40960 --a------ C:\WINDOWS\system32\opnopqq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC2C0946-1082-40F3-88CB-080546426B2F}]
    08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Windows NT\meqocahot83122.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/11/2005 07:34 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
    "lxamsp32.exe "= "lxamsp32.exe" [10/21/2001 02:12 PM C:\WINDOWS\SYSTEM32\LXAMSP32.EXE]
    "PrinTray "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [10/21/2001 11:54 AM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
    "runner1 "= "C:\WINDOWS\mrofinu572.exe" [02/05/2008 12:53 AM]
    "4c86c91b "= "C:\WINDOWS\system32\cyjtuvys.dll" [02/05/2008 01:33 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
    "TuneUp MemOptimizer "= "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" []
    "hip2p "= "C:\Program Files\hip2p\hip2p.exe" [02/15/2006 09:23 AM]
    "Drmupgds "= "C:\Program Files\Drmupgds\Drmupgds.exe" [02/05/2008 01:26 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Helen Chiu\Start Menu\Programs\Startup\
    DESKTOP.INI [8/10/2004 1:04:12 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    AcBtnMgr_X63.exe.lnk - C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe [6/6/2001 3:03:10 PM]
    ACMonitor_X63.exe.lnk - C:\Program Files\LexmarkX63\ACMonitor_X63.exe [6/6/2001 3:02:28 PM]
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [12/16/2005 9:55:16 PM]
    DESKTOP.INI [8/10/2004 1:04:12 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{E180F496-8A4B-44E2-9FE0-0364E345DB7F} "= C:\WINDOWS\system32\opnopqq.dll [02/05/2008 12:53 AM 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cmsCFG]
    cmsCFG.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopqq]
    opnopqq.dll 02/05/2008 12:53 AM 40960 C:\WINDOWS\SYSTEM32\opnopqq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wslezvlu]
    wslezvlu.dll 02/05/2008 01:31 AM 163904 C:\WINDOWS\SYSTEM32\wslezvlu.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\jkhfc

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1134535982\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skyme]
    NULL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Unshare]
    C:\Program Files\safe-share\SafeShare.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS "=3 (0x3)
    "CiSvc "=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CommCtr "=C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
    "spc_w "= "C:\Program Files\NZSearch\nzspc.exe" -w

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "igfxtray "=C:\WINDOWS\system32\igfxtray.exe
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "ViewMgr "=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    "PrinTray "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    "igfxpers "=C:\WINDOWS\system32\igfxpers.exe
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe "
    "ANIWZCS2Service "=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    "ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022 "= "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t "The Company\MP3 Flash Drive Driver v2.08r022 "
    "SunJavaUpdateSched "=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    "Symantec NetDriver Monitor "=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-02-06 01:00:48 ------------------------
     


  4. 2008/02/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi schin
    Welcome to Windowsbbs :)

    I have merged your two threads, please make all replies to this thread.

    Please give me an uninstall list; here is how.

    To get an Uninstall List from HijackThis:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.

    Please post the results here.

    Thanks
    Geri
     
  5. 2008/02/06
    schin

    schin Inactive Thread Starter

    uninstall_list.txt

    Hi Geri,

    Thanks for the warm greetings. I've read a couple of posts and everyone seems super helpful.

    I ran in normal mode and I noticed it tried to reach the web after logging in. Luckily, it's unplugged. This is a shared computer, so I'm not conscious of all that is installed. :(

    Thanks for your help. Looking forward to your reply.

    Below is my uninstall_list.txt:

    µTorrent
    ACDSee 8
    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 7.0.9 Professional
    Adobe Common File Installer
    Adobe Flash Player ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader Chinese Traditional Fonts
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    AirPlus XtremeG
    ANIO Service
    ANIWZCS2 Service
    AnswerWorks 4.0 Runtime - English
    AppCore
    Apple Mobile Device Support
    Apple Software Update
    AV
    BUM
    Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver
    Canon PhotoRecord
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RAW Image Converter2
    Canon Utilities RemoteCapture 2.4
    Canon Utilities ZoomBrowser EX
    ccCommon
    Conexant D850 56K V.9x DFVc Modem
    dBpoweramp Music Converter
    Dell Driver Reset Tool
    Dell Picture Studio v3.0
    Dell Support 3.1
    Digital Line Detect
    DVD Decrypter (Remove Only)
    Free WMA to MP3 Converter 1.16
    FXCM Chart Plugin II
    FXCM News Plugin II
    FXCM Trading Station II
    HijackThis 2.0.2
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    Ipswitch WS_FTP LE
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    K-Lite Mega Codec Pack 1.53
    LaserJet 1020 series
    Learn2 Player (Uninstall Only)
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    LLC Forms
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    Macromedia Fireworks MX 2004
    Macromedia Flash Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Outlook Web Access S/MIME
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Modem Helper
    Mozilla Firefox (2.0.0.11)
    MP3 Flash Drive Driver v2.08r022
    MSRedist
    Nero 6 Enterprise Edition
    Net2Phone CommCenter
    NetWaiting
    NetZero Internet
    Norton AntiVirus
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    Outerinfo
    PCMan 2004 Combo
    PowerDVD
    PowerISO
    Qualxserve Service Agreement
    QuickBooks Simple Start Special Edition
    QuickTime
    RealPlayer
    River Past Audio Converter
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Skype 1.4
    Smart Wedding 4.0
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    SPBBC 32bit
    SymNet
    Turbo Lister 2
    TurboTax Deluxe 2007
    TurboTax Premier 2005
    TurboTax Premier Investments 2006
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    VideoLAN VLC media player 0.8.2
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WebCyberCoach 3.2 Dell
    WebPainter for Win32 version 3.0
    WexTech AnswerWorks
    Windows Defender Signatures
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB893086
    WinRAR archiver
     
  6. 2008/02/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi schin

    All accounts will need to be gone through and cleaned, one at a time. Remind me of this after this account is cleaned. Thanks.

    Please do this in the order given.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    Outerinfo

    Please note any other programs that you don't recognize in that list and post them in your next response.

    Now this.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    Now do this.

    Download ComboFix from Here to your Desktop.
    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    Please post the SDFix log and the Combofix log.

    Thanks
    Geri
     
  7. 2008/02/06
    schin

    schin Inactive Thread Starter

    Can't remove Outerinfo

    Geri,

    I tried to remove OuterInfo which takes 715 megs of data, but I get the following message:

    Yazzle Uninstall
    =============
    Download of uninstaller failed: creating socket. Please download and run the uninstaller from http://www.outerinfo.com/OiUninstaller.exe

    I've tried to d/l it, but the site/file is not there.

    I have the following programs which I do not recognize:

    Anio Service
    Aniwzcsz Service
    Drmupgds
    Qualxserve Service Agreement
    WexTechAnswerWorks

    Should I proceed with SDFix and ComboFix without uninstalling this? I tried in both Safe and Normal mode.
     
    Last edited: 2008/02/07
  8. 2008/02/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi

    Just proceed with the tools I asked you to run.

    Geri
     
  9. 2008/02/07
    schin

    schin Inactive Thread Starter

    Report.txt

    SDFix: Version 1.137

    Run by Helen Chiu on Thu 02/07/2008 at 02:00 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\PROGRA~1\COMMON~1\RTELEK~1.HTM - Deleted
    C:\Temp\1cb\syscheck.log - Deleted
    C:\Program Files\Temporary\kernInst.exe - Deleted
    C:\Program Files\Common Files\Yazzle1281OinAdmin.exe - Deleted
    C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe - Deleted
    C:\WINDOWS\17PHolmes1000106.exe - Deleted
    C:\WINDOWS\b122.exe - Deleted
    C:\WINDOWS\mrofinu572.exe - Deleted
    C:\WINDOWS\system32\pac.txt - Deleted
    C:\WINDOWS\TTC-4444.exe - Deleted


    Could Not Remove C:\WINDOWS\system32\drivers\core.cache.dsk

    Folder C:\Program Files\Temporary - Removed
    Folder C:\Temp\1cb - Removed
    Folder C:\Temp\tn3 - Removed


    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-07 02:15:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0 "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader "
    "C:\\Program Files\\Common Files\\AOL\\1134535982\\ee\\aolsoftware.exe "= "C:\\Program Files\\Common Files\\AOL\\1134535982\\ee\\aolsoftware.exe:*:Enabled:AOL Services "
    "C:\\Program Files\\Common Files\\AOL\\1134535982\\ee\\aim6.exe "= "C:\\Program Files\\Common Files\\AOL\\1134535982\\ee\\aim6.exe:*:Enabled:AIM "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\Program Files\\uTorrent\\utorrent.exe "= "C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent "
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype "
    "C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe "= "C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax "
    "C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe "= "C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe "= "C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe "= "C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax "
    "C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe "= "C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0 "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "

    Remaining Files:
    ---------------
    C:\WINDOWS\system32\drivers\core.cache.dsk Found

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sat 8 Oct 2005 337,723 A.SH. --- "C:\WINDOWS\SYSTEM32\jjkkj.bak2 "
    Thu 7 Feb 2008 210 ..SH. --- "C:\WINDOWS\SYSTEM32\wslezvlu.dllbox "
    Fri 7 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT5.tmp "
    Tue 22 Jun 2004 53,248 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL0003.tmp "
    Tue 22 Jun 2004 20,480 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL0005.tmp "
    Tue 22 Jun 2004 25,088 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL0171.tmp "
    Tue 22 Jun 2004 20,480 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL0585.tmp "
    Tue 22 Jun 2004 27,648 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL0640.tmp "
    Tue 22 Jun 2004 25,088 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL0681.tmp "
    Tue 22 Jun 2004 24,064 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL0720.tmp "
    Tue 22 Jun 2004 25,600 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL1074.tmp "
    Tue 22 Jun 2004 24,064 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL1110.tmp "
    Tue 22 Jun 2004 24,064 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL1138.tmp "
    Tue 22 Jun 2004 24,064 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL1295.tmp "
    Tue 22 Jun 2004 26,112 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL1990.tmp "
    Tue 22 Jun 2004 27,648 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL2102.tmp "
    Tue 22 Jun 2004 24,064 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL2396.tmp "
    Tue 22 Jun 2004 24,064 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL2500.tmp "
    Tue 22 Jun 2004 24,064 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL3161.tmp "
    Tue 22 Jun 2004 69,632 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL3387.tmp "
    Tue 22 Jun 2004 24,064 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL3491.tmp "
    Tue 22 Jun 2004 23,552 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL3518.tmp "
    Tue 22 Jun 2004 23,040 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL3520.tmp "
    Tue 22 Jun 2004 24,064 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Memory Stick\New Folder\~WRL3646.tmp "
    Mon 26 Aug 2002 29,184 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL0001.tmp "
    Mon 26 Aug 2002 29,184 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL0002.tmp "
    Mon 26 Aug 2002 29,696 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL0003.tmp "
    Thu 22 Aug 2002 19,456 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL0005.tmp "
    Mon 26 Aug 2002 30,208 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL0565.tmp "
    Mon 26 Aug 2002 29,696 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL0728.tmp "
    Mon 26 Aug 2002 29,184 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL0928.tmp "
    Mon 26 Aug 2002 28,672 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL0987.tmp "
    Mon 26 Aug 2002 29,696 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL1023.tmp "
    Mon 26 Aug 2002 28,160 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL1340.tmp "
    Mon 26 Aug 2002 29,696 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL1982.tmp "
    Mon 26 Aug 2002 28,672 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL2350.tmp "
    Mon 26 Aug 2002 29,184 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL2720.tmp "
    Mon 26 Aug 2002 29,696 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL3173.tmp "
    Mon 26 Aug 2002 28,672 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL3543.tmp "
    Mon 26 Aug 2002 29,184 ...H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\My Documents\UMCP Assignment\~WRL4031.tmp "
    Mon 19 Aug 2002 3,958 A..H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\Helen\Local Settings\Temp\MP32.tmp "
    Mon 19 Aug 2002 7,222 A..H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\Helen\Local Settings\Temp\MP32h.tmp "
    Mon 19 Aug 2002 7,222 A..H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\Helen\Local Settings\Temp\MP32s.tmp "
    Sun 18 Aug 2002 7,222 A..H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\Helen\Local Settings\Temp\MP338h.tmp "
    Sun 18 Aug 2002 7,222 A..H. --- "C:\Documents and Settings\Helen Chiu\My Documents\_Laptop 08.01.05\Helen\Local Settings\Temp\MP338s.tmp "

    Finished!
     
  10. 2008/02/07
    schin

    ComboFix.log

    ComboFix 08-02.05.3 - Helen Chiu 2008-02-07 22:02:13.2 - NTFSx86
    Running from: C:\Documents and Settings\Helen Chiu\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
    .

    2008-02-07 02:32 . 2004-08-04 05:00 388,608 --a------ C:\kmd.exe
    2008-02-07 01:57 . 2008-02-07 01:57 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-02-07 00:38 . 2008-02-07 02:30 <DIR> d-------- C:\SDFix
    2008-02-06 00:50 . 2008-02-06 00:50 <DIR> d-------- C:\Deckard
    2008-02-05 22:43 . 2008-02-05 22:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-05 01:26 . 2008-02-05 01:26 <DIR> d-------- C:\Program Files\Drmupgds
    2008-02-05 00:53 . 2008-02-05 00:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\nGpxx01
    2008-02-05 00:53 . 2008-02-05 00:54 <DIR> d-------- C:\temp\isgTi19

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-08 03:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-07 08:15 --------- d-----w C:\Documents and Settings\Helen Chiu\Application Data\Lavasoft
    2008-02-07 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-02-07 02:25 --------- d-----w C:\Program Files\Sierra On-Line
    2008-02-07 02:25 --------- d-----w C:\Program Files\Safe-Share Downloads
    2008-02-07 02:25 --------- d-----w C:\Program Files\NetZero
    2008-02-07 02:25 --------- d-----w C:\Program Files\NetWaiting
    2008-02-07 02:25 --------- d-----w C:\Program Files\MP3 Flash Drive Driver v2.08r022
    2008-02-07 02:25 --------- d-----w C:\Program Files\Modem Helper
    2008-02-07 02:25 --------- d-----w C:\Program Files\IKEA HomePlanner
    2008-02-01 23:51 --------- d-----w C:\Documents and Settings\Helen Chiu\Application Data\uTorrent
    2008-01-31 04:41 --------- d-----w C:\Program Files\Net2Phone CommCenter
    2008-01-26 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-23 19:44 --------- d-----w C:\Documents and Settings\Helen Chiu\Application Data\Intuit
    2008-01-02 05:51 --------- d-----w C:\Program Files\Sportsbook Poker
    2007-12-26 02:44 --------- d-----w C:\Program Files\WON
    2007-12-26 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-26 02:40 --------- d-----w C:\Program Files\MasterCook 8
    2007-12-11 03:07 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2007-12-11 02:52 --------- d-----w C:\Program Files\TurboTax
    2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
    2007-03-25 13:29 439,296 ----a-w C:\Documents and Settings\Helen Chiu\GoToAssist_phone__317_en.exe
    2006-11-09 00:57 194,376 ----a-w C:\Documents and Settings\Helen Chiu\Application Data\shb.dat
    2005-11-10 17:29 389,120 ----a-w C:\Documents and Settings\Helen Chiu\remote.exe
    2005-10-08 17:21 2,449,408 ----a-w C:\Documents and Settings\Helen Chiu\gosetup.exe
    2005-10-08 16:01 337,723 -csha-w C:\WINDOWS\SYSTEM32\jjkkj.bak2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{062479A8-C6C3-4A5E-9D8E-E5F2D9E02CAB}]
    C:\Program Files\Common Files\qucav.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "TuneUp MemOptimizer "= "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [ ]
    "hip2p "= "C:\Program Files\hip2p\hip2p.exe" [2006-02-15 09:23 3048960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-11 19:34 180269]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
    "lxamsp32.exe "= "lxamsp32.exe" [2001-10-21 14:12 45056 C:\WINDOWS\SYSTEM32\LXAMSP32.EXE]
    "PrinTray "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-21 11:54 36864]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cmsCFG]
    cmsCFG.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1134535982\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-10-11 19:35 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skyme]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-10-11 19:34 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Unshare]
    C:\Program Files\safe-share\SafeShare.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS "=3 (0x3)
    "CiSvc "=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CommCtr "=C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
    "spc_w "= "C:\Program Files\NZSearch\nzspc.exe" -w

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "igfxtray "=C:\WINDOWS\system32\igfxtray.exe
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "ViewMgr "=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    "PrinTray "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    "igfxpers "=C:\WINDOWS\system32\igfxpers.exe
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe "
    "ANIWZCS2Service "=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    "ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022 "= "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t "The Company\MP3 Flash Drive Driver v2.08r022 "
    "SunJavaUpdateSched "=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    "Symantec NetDriver Monitor "=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]
    S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-07-26 13:32]
    S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-03-15 20:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-01 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    "2008-01-22 18:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-05 01:42:41 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Helen Chiu.job "
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
    "2008-02-08 03:08:00 C:\WINDOWS\Tasks\Symantec NetDetect.job "
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-07 22:06:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-07 22:09:04
    ComboFix-quarantined-files.txt 2008-02-08 03:09:00
    ComboFix2.txt 2008-02-07 08:04:15
    .
    2008-01-09 08:02:37 --- E O F ---
     
  11. 2008/02/07
    schin

    HiJackThis.log

    Geri,

    Windows doesn't give me the pop-up and the Outer Info is not in my Program list.

    Oddly, when I run IE it seems to log files slower. When I use Firefox, there doesn't appear to be a "hitch" or slow display. Is this usual?

    Looks like I'm super close.... thanks for all your help. Looking forward to your clean bill of health message! =)

    -schin

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:10:58 PM, on 2/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\lxamsp32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnyes.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O2 - BHO: 0 - {062479A8-C6C3-4A5E-9D8E-E5F2D9E02CAB} - C:\Program Files\Common Files\qucav.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [hip2p] C:\Program Files\hip2p\hip2p.exe min
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-68e4741c1554c772.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O20 - Winlogon Notify: cmsCFG - cmsCFG.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9529 bytes
     
  12. 2008/02/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi schin

    Please do these in the order given.

    Do you know what this is?
    C:\Program Files\hip2p

    You ran Combofix 2 times, I need to see the first combofix log.
    ComboFix2.txt, which I believe is located in c:\qoobox


    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file paths into the "File to upload & scan" box on the top of the page, one at a time:
      • C:\Documents and Settings\Helen Chiu\Application Data\shb.dat
      • C:\Documents and Settings\Helen Chiu\remote.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Please Post the Vundo log, Combofix log and Jotti results.
    Also let me know if you know what that program is.

    Thanks
    Geri
     
  13. 2008/02/07
    schin

    schin Inactive Thread Starter

    ComboFix2.txt

    I couldn't find the ComboFix file after I ran it last night and reran it.

    The file you requested in the Qoobox directory is:


    ComboFix 08-02.05.3 - Helen Chiu 2008-02-07 2:34:53.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.152 [GMT -5:00]
    Running from: C:\Documents and Settings\Helen Chiu\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\FLPYDISKK.sys
    C:\WINDOWS\system32\jkhfc.dll
    C:\WINDOWS\system32\opnopqq.dll
    C:\WINDOWS\system32\wslezvlu.dll
    C:\Program Files\Windows NT\meqocahot4444.dll
    C:\Program Files\Windows NT\meqocahot83122.dll
    C:\temp\tn3
    C:\WINDOWS\system32\b3
    C:\WINDOWS\system32\b3\snmaildriv3.exe
    C:\WINDOWS\SYSTEM32\cfhkj.ini
    C:\WINDOWS\SYSTEM32\cfhkj.ini2
    C:\WINDOWS\system32\cyjtuvys.dll
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\FLPYDISKK.sys
    C:\WINDOWS\system32\jkhfc.dll
    C:\WINDOWS\system32\opnopqq.dll
    C:\WINDOWS\system32\p4
    C:\WINDOWS\system32\pfnvdsdd.dll
    C:\WINDOWS\system32\s5
    C:\WINDOWS\system32\s5\advcomms3.exe
    C:\WINDOWS\SYSTEM32\syvutjyc.ini
    C:\WINDOWS\system32\v9
    C:\WINDOWS\system32\v9\rabs2135.exe
    C:\WINDOWS\system32\vhosgnsk.dll
    C:\WINDOWS\system32\wslezvlu.dll
    C:\WINDOWS\system32\wslezvlu.dllbox
    C:\WINDOWS\system32\z6
    C:\WINDOWS\system32\z6\kiffs83122.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_FLPYDISKK
    -------\FLPYDISKK


    ((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
    .

    2008-02-07 01:57 . 2008-02-07 01:57 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-02-07 00:38 . 2008-02-07 02:30 <DIR> d-------- C:\SDFix
    2008-02-06 00:50 . 2008-02-06 00:50 <DIR> d-------- C:\Deckard
    2008-02-05 22:43 . 2008-02-05 22:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-05 01:26 . 2008-02-05 01:26 <DIR> d-------- C:\Program Files\Drmupgds
    2008-02-05 00:53 . 2008-02-05 00:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\nGpxx01
    2008-02-05 00:53 . 2008-02-05 00:54 <DIR> d-------- C:\temp\isgTi19

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-07 02:25 --------- d-----w C:\Program Files\Sierra On-Line
    2008-02-07 02:25 --------- d-----w C:\Program Files\Safe-Share Downloads
    2008-02-07 02:25 --------- d-----w C:\Program Files\NetZero
    2008-02-07 02:25 --------- d-----w C:\Program Files\NetWaiting
    2008-02-07 02:25 --------- d-----w C:\Program Files\MP3 Flash Drive Driver v2.08r022
    2008-02-07 02:25 --------- d-----w C:\Program Files\Modem Helper
    2008-02-07 02:25 --------- d-----w C:\Program Files\IKEA HomePlanner
    2008-02-05 06:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-01 23:51 --------- d-----w C:\Documents and Settings\Helen Chiu\Application Data\uTorrent
    2008-01-31 04:41 --------- d-----w C:\Program Files\Net2Phone CommCenter
    2008-01-26 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-23 19:44 --------- d-----w C:\Documents and Settings\Helen Chiu\Application Data\Intuit
    2008-01-02 05:51 --------- d-----w C:\Program Files\Sportsbook Poker
    2007-12-26 02:44 --------- d-----w C:\Program Files\WON
    2007-12-26 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-26 02:40 --------- d-----w C:\Program Files\MasterCook 8
    2007-12-11 03:07 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2007-12-11 02:52 --------- d-----w C:\Program Files\TurboTax
    2007-03-25 13:29 439,296 ----a-w C:\Documents and Settings\Helen Chiu\GoToAssist_phone__317_en.exe
    2006-11-09 00:57 194,376 ----a-w C:\Documents and Settings\Helen Chiu\Application Data\shb.dat
    2005-11-10 17:29 389,120 ----a-w C:\Documents and Settings\Helen Chiu\remote.exe
    2005-10-08 17:21 2,449,408 ----a-w C:\Documents and Settings\Helen Chiu\gosetup.exe
    2005-10-08 16:01 337,723 -csha-w C:\WINDOWS\SYSTEM32\jjkkj.bak2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{062479A8-C6C3-4A5E-9D8E-E5F2D9E02CAB}]
    C:\Program Files\Common Files\qucav.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "TuneUp MemOptimizer "= "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [ ]
    "hip2p "= "C:\Program Files\hip2p\hip2p.exe" [2006-02-15 09:23 3048960]
    "Drmupgds "= "C:\Program Files\Drmupgds\Drmupgds.exe" [2008-02-05 01:26 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-11 19:34 180269]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
    "lxamsp32.exe "= "lxamsp32.exe" [2001-10-21 14:12 45056 C:\WINDOWS\SYSTEM32\LXAMSP32.EXE]
    "PrinTray "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-21 11:54 36864]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cmsCFG]
    cmsCFG.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1134535982\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-10-11 19:35 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skyme]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-10-11 19:34 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Unshare]
    C:\Program Files\safe-share\SafeShare.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS "=3 (0x3)
    "CiSvc "=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CommCtr "=C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
    "spc_w "= "C:\Program Files\NZSearch\nzspc.exe" -w

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "igfxtray "=C:\WINDOWS\system32\igfxtray.exe
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "ViewMgr "=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    "PrinTray "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    "igfxpers "=C:\WINDOWS\system32\igfxpers.exe
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe "
    "ANIWZCS2Service "=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    "ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022 "= "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t "The Company\MP3 Flash Drive Driver v2.08r022 "
    "SunJavaUpdateSched "=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    "Symantec NetDriver Monitor "=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]
    S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-07-26 13:32]
    S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-03-15 20:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-01 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    "2008-01-22 18:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-05 01:42:41 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Helen Chiu.job "
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
    "2008-02-07 08:03:00 C:\WINDOWS\Tasks\Symantec NetDetect.job "
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-07 03:01:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-07 3:04:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-07 08:04:10
    .
    2008-01-09 08:02:37 --- E O F ---
     
  14. 2008/02/07
    schin

    schin Inactive Thread Starter

    VundoFix.txt

    The Jotti came back with "Found Nothing" messages for both files.

    =========


    VundoFix V6.7.8

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 12:27:54 AM 2/8/2008

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...
     
  15. 2008/02/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi schin

    Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\WINDOWS\SYSTEM32\jjkkj.bak2
    
    Folder::
    C:\WINDOWS\SYSTEM32\nGpxx01
    C:\temp\isgTi19
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{062479A8-C6C3-4A5E-9D8E-E5F2D9E02CAB}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cmsCFG]

    Please post the new combofix log.

    Thanks
    Geri
     
  16. 2008/02/08
    schin

    schin Inactive Thread Starter

    ComboFix.txt

    ComboFix 08-02.05.3 - Helen Chiu 2008-02-08 20:07:59.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.215 [GMT -5:00]
    Running from: C:\Documents and Settings\Helen Chiu\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Helen Chiu\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\SYSTEM32\jjkkj.bak2
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\temp\isgTi19
    C:\temp\isgTi19\lPig.log
    C:\WINDOWS\SYSTEM32\jjkkj.bak2
    C:\WINDOWS\SYSTEM32\nGpxx01
    C:\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
    .

    2008-02-08 00:27 . 2008-02-08 00:27 <DIR> d-------- C:\VundoFix Backups
    2008-02-07 22:38 . 2008-02-07 22:38 <DIR> d-------- C:\Documents and Settings\Helen Chiu\Application Data\Comodo
    2008-02-07 22:38 . 2008-02-07 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2008-02-07 22:36 . 2008-02-07 22:50 <DIR> d-------- C:\Program Files\Comodo
    2008-02-07 22:36 . 2006-12-21 23:35 211 --a------ C:\boot.ini.comodofirewall
    2008-02-07 22:24 . 2008-02-07 22:24 <DIR> d-------- C:\Program Files\CodeStuff
    2008-02-07 22:23 . 2008-02-07 22:23 <DIR> d-------- C:\StartupSetup
    2008-02-07 22:01 . 2004-08-04 05:00 388,608 --a------ C:\kmd.exe
    2008-02-07 01:57 . 2008-02-07 01:57 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-02-07 00:38 . 2008-02-07 02:30 <DIR> d-------- C:\SDFix
    2008-02-06 00:50 . 2008-02-06 00:50 <DIR> d-------- C:\Deckard
    2008-02-05 22:43 . 2008-02-05 22:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-05 01:26 . 2008-02-05 01:26 <DIR> d-------- C:\Program Files\Drmupgds

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-08 07:12 --------- d-----w C:\Documents and Settings\Helen Chiu\Application Data\uTorrent
    2008-02-08 03:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-07 08:15 --------- d-----w C:\Documents and Settings\Helen Chiu\Application Data\Lavasoft
    2008-02-07 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-02-07 02:25 --------- d-----w C:\Program Files\Sierra On-Line
    2008-02-07 02:25 --------- d-----w C:\Program Files\Safe-Share Downloads
    2008-02-07 02:25 --------- d-----w C:\Program Files\NetZero
    2008-02-07 02:25 --------- d-----w C:\Program Files\NetWaiting
    2008-02-07 02:25 --------- d-----w C:\Program Files\MP3 Flash Drive Driver v2.08r022
    2008-02-07 02:25 --------- d-----w C:\Program Files\Modem Helper
    2008-02-07 02:25 --------- d-----w C:\Program Files\IKEA HomePlanner
    2008-01-31 04:41 --------- d-----w C:\Program Files\Net2Phone CommCenter
    2008-01-26 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-23 19:44 --------- d-----w C:\Documents and Settings\Helen Chiu\Application Data\Intuit
    2008-01-02 05:51 --------- d-----w C:\Program Files\Sportsbook Poker
    2007-12-26 02:44 --------- d-----w C:\Program Files\WON
    2007-12-26 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-26 02:40 --------- d-----w C:\Program Files\MasterCook 8
    2007-12-11 03:07 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2007-12-11 02:52 --------- d-----w C:\Program Files\TurboTax
    2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
    2007-03-25 13:29 439,296 ----a-w C:\Documents and Settings\Helen Chiu\GoToAssist_phone__317_en.exe
    2006-11-09 00:57 194,376 ----a-w C:\Documents and Settings\Helen Chiu\Application Data\shb.dat
    2005-11-10 17:29 389,120 ----a-w C:\Documents and Settings\Helen Chiu\remote.exe
    2005-10-08 17:21 2,449,408 ----a-w C:\Documents and Settings\Helen Chiu\gosetup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "TuneUp MemOptimizer "= "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1134535982\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-10-11 19:35 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skyme]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-10-11 19:34 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Unshare]
    C:\Program Files\safe-share\SafeShare.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS "=3 (0x3)
    "CiSvc "=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CommCtr "=C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
    "spc_w "= "C:\Program Files\NZSearch\nzspc.exe" -w

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "igfxtray "=C:\WINDOWS\system32\igfxtray.exe
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "ViewMgr "=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    "PrinTray "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    "igfxpers "=C:\WINDOWS\system32\igfxpers.exe
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe "
    "ANIWZCS2Service "=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    "ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022 "= "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t "The Company\MP3 Flash Drive Driver v2.08r022 "
    "SunJavaUpdateSched "=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    "Symantec NetDriver Monitor "=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]
    S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-07-26 13:32]
    S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-03-15 20:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-01 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    "2008-01-22 18:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-05 01:42:41 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Helen Chiu.job "
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
    "2008-02-09 01:08:00 C:\WINDOWS\Tasks\Symantec NetDetect.job "
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-08 20:11:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-08 20:13:17
    ComboFix-quarantined-files.txt 2008-02-09 01:13:02
    ComboFix2.txt 2008-02-08 03:09:05
    ComboFix3.txt 2008-02-07 08:04:15
    .
    2008-01-09 08:02:37 --- E O F ---
     
  17. 2008/02/08
    schin

    schin Inactive Thread Starter

    Latest HiJackthis.log

    Geri,

    Can I remove those Netzero references? I don't think they hurt, but I don't and haven't used them in ages.

    Thanks,
    schin

    =====




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:14:57 PM, on 2/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnyes.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-68e4741c1554c772.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 8381 bytes
     
  18. 2008/02/08
    Geri Lifetime Subscription

    Hi schin
    OK those logs look good.
    Yes you can.

    I see Comodo Firewall installed. Doesn't Norton Internet Security have a firewall? If it does, you need to uninstall Comodo.
    You should only have 1 Firewall running.

    Now do this in the order given.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    You have a broken file association. The following will fix it.

    ** dss.exe must be on the desktop for the following command to work. **

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in the run box, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • js should come up in the list.
    • Check the box next to it, then click Fix.
    • Exit when complete.


    Your Java is way out of date.

    Updating Java and Clearing Cache
    1. Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.
    2. It will say "Java Plug-in" under the icon.
      Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
    3. If you are unable to update you can manually update by going here:
    4. After the reboot, go back into the Control Panel and double-click the Java Icon.
    5. On the General tab, at the bottom, it has "Temporary Internet Files".
    6. Click the Settings button, then the Delete Files button.
    7. There are two options in the window to clear the cache - leave both checked:

      • Applications and Applets
      • Trace and Log files
    8. Click OK
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    9. Click OK to leave the Java Control Panel.
    10. Delete older versions from Add/Remove list.


    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    OK, now you will need to log into the next account on this computer and post a dss log from that account, and any fixes we do will have to be done while logged into that account.
    I don't believe dss will show on the desktop in other accounts, so you will need to either move the one you have or download it from that account to the desktop.

    Post the log in this thread

    Thanks
    Geri
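
    The entry-selection step in the reply above, as an added example that is not part of the original post or of HijackThis: a Python parser for the R/O entry lines of a HijackThis log that marks entries whose target is "(no file)" or that mention a reviewer-supplied keyword, so they can be reviewed before anything is checked for fixing. The function names, the keyword list and the embedded excerpt (lines copied from the log posted earlier in this thread) are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Section codes that occur in the log on this page and what they cover.
SECTION_NAMES = {
    "R0": "IE start/search page setting",
    "R1": "IE search/other setting",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart entry",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item",
    "O16": "Downloaded ActiveX control (DPF)",
    "O23": "Windows service",
}

# An entry line looks like "O3 - Toolbar: ...". Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the HijackThis log posted in this thread (not a complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnyes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Entry:
    code: str                      # section code, e.g. "O3"
    body: str                      # everything after "CODE - "
    clsid: Optional[str] = None    # first CLSID in the entry, if any
    reasons: List[str] = field(default_factory=list)


def section_name(code: str) -> str:
    """Human-readable name for a section code, or 'unknown section'."""
    return SECTION_NAMES.get(code, "unknown section")


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per R/O line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(code, body, clsid.group(0) if clsid else None))
    return entries


def triage(entries: List[Entry], keywords: List[str]) -> List[Entry]:
    """Return entries worth a reviewer's attention, with the reason attached.

    Two checks only: the registered file no longer exists ("(no file)"),
    or the entry mentions a keyword the reviewer supplied (case-insensitive).
    """
    flagged = []
    for entry in entries:
        reasons = []
        if entry.body.endswith("(no file)"):
            reasons.append("target file missing")
        lowered = entry.body.lower()
        for keyword in keywords:
            if keyword.lower() in lowered:
                reasons.append(f"keyword: {keyword}")
        if reasons:
            entry.reasons = reasons
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    # Keywords are the reviewer's choice; these match the software named in the thread.
    for item in triage(parse_log(SAMPLE_LOG), ["netzero", "nzsearch"]):
        print(f"{item.code:<3} [{section_name(item.code)}] {', '.join(item.reasons)}")
        print(f"    {item.body}")
```

    The output is a review list only; which entries are actually safe to fix remains the helper's judgement, as in the reply above.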
     
  19. 2008/02/10
    schin

    Cleaned...

    Hi Geri,

    I did all your instructions above, but was somewhat confused about the Java - Add/Remove.

    I updated my Java, but in terms of removing -- should I remove "Java 2 Runtime Environment, SE v1.4.2_03" and keep the new "Java (TM) 6 Update 3"?

    I was sure if the "6 Update" built on top of the "Java 2 Runtime" and thus, I keep both.

    In terms of users, what I meant was I have multiple people using 1 account. So, we don't need to clean the other users.

    Regarding Comodo, I tried it because my Norton expired. So, I thought I would get the freeware Comodo -- it keeps locking up on me. So, I've disabled its loading and will try to renew my Norton -- even though I'm not a big fan of his. :(

    In terms of Desktop icons, I've noticed the icons are the "generic" variety for 2-3 seconds before the screen refreshes and they have their custom Adobe/IE/iTunes icons. This "refresh" never happened before. Plus, IE has a slight pause before it starts downloading my start page? Should I investigate?

    Thank you for all your time in helping me. There's no way I could have handled this by myself. Thanks for your prompt response and I'll definitely be a reader of WindowsBBS!!

    You're the best!:D
     
  20. 2008/02/10
    Geri Lifetime Subscription

    Hi schin
    Yes go into Add/remove and remove Java 2 Runtime Environment, SE v1.4.2_03

    Oh, OK
    Then there are some things we need to do.

    OK, there are free anti-virus and firewalls. Comodo could be locking up because of the other firewall running.
    If you would like to remove Norton and go with free ones, let me know. I use Comodo; make sure you use the Basic version if you are going to use it.

    Now let's get an online scan to make sure nothing is lurking.

    Please do an online scan with Kaspersky WebScanner

    Click on “Accept”. If your pop-up blocker blocks the ActiveX download, allow it, then click on “Accept” again.

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.
    Let me know what you want to do with the AV and Firewall.

    Thanks
    Geri
     
  21. 2008/02/10
    schin

    Kaspersky report

    I removed the extra Java.

    I would like to use Comodo, but do not want to remove NAV -- could I disable everything and keep it dormant and try out Comodo? See if I can get it not to lock up? Plus, what free anti-virus should I go with?

    Lastly, I ran Kaspersky -- here is the report:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, February 10, 2008 4:53:58 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 10/02/2008
    Kaspersky Anti-Virus database records: 556064
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 201458
    Number of viruses found: 14
    Number of infected objects: 67
    Number of suspicious objects: 0
    Duration of the scan process: 02:01:23

    Infected Object Name / Virus Name / Last Action
    C:\Deckard\System Scanner\20080208212434\backup\DOCUME~1\HELENC~1\LOCALS~1\Temp\snapsnet.exe/data0006 Infected: Trojan-Downloader.Win32.VB.cgu skipped
    C:\Deckard\System Scanner\20080208212434\backup\DOCUME~1\HELENC~1\LOCALS~1\Temp\snapsnet.exe NSIS: infected - 1 skipped
    C:\Deckard\System Scanner\20080208212434\backup\DOCUME~1\HELENC~1\LOCALS~1\Temp\yazzsnet.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
    C:\Deckard\System Scanner\20080208212434\backup\DOCUME~1\HELENC~1\LOCALS~1\Temp\yazzsnet.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Administrator\Application Data\DESKTOP.INI Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Gtek\gtny\4EC308F4-A9FC-4be8-BA18-75066D6256D5_CONFIRM.cache Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Gtek\gtny\gtuser.cfg Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\persist.cfg Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\persist.cfg Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch3\persist.cfg Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3259637658-3539484919-714008844-1003\a5b26550-7988-44d0-ac79-7f6082d46db3 Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3259637658-3539484919-714008844-1003\Preferred Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
    C:\Documents and Settings\Administrator\Cookies\administrator@dell4me[1].txt Object is locked skipped
    C:\Documents and Settings\Administrator\Cookies\administrator@discussions.virtualdr[1].txt Object is locked skipped
    C:\Documents and Settings\Administrator\Cookies\administrator@google[1].txt Object is locked skipped
    C:\Documents and Settings\Administrator\Cookies\administrator@myway[1].txt Object is locked skipped
    C:\Documents and Settings\Administrator\Cookies\administrator@virtualdr[1].txt Object is locked skipped
    C:\Documents and Settings\Administrator\Cookies\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Administrator\Desktop\VFIX\VundoFix\KillVundo.bat Object is locked skipped
    C:\Documents and Settings\Administrator\Desktop\VFIX\VundoFix\process.exe Object is locked skipped
    C:\Documents and Settings\Administrator\Desktop\VFIX\VundoFix\ReadMe.txt Object is locked skipped
    C:\Documents and Settings\Administrator\Desktop\VFIX\VundoFix\starthjt.vbs Object is locked skipped
    C:\Documents and Settings\Administrator\Desktop\VFIX\VundoFix\vundo.reg Object is locked skipped
    C:\Documents and Settings\Administrator\Desktop\VFIX\VundoFix\vundofix.txt Object is locked skipped
    C:\Documents and Settings\Administrator\Desktop\VundoFix.exe Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Dell\Dell Auction.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Dell\Dell.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Dell\Support.Dell.com.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Links\Customize Links.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Links\Free Hotmail.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Links\RealPlayer.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Links\Windows Marketplace.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Links\Windows Media.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Links\Windows.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\MSN.com.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Radio Station Guide.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\RealPlayer Home Page.url Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\1033.MST Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\DESKTOP.INI Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012005100820051009\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\action-button[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\but_find[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\earthweb_foot2[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\earthweb_sm[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\eek[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\feed2js[1].php Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\getmoretxt[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\headermenu[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\icon14[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\michael_kevin_in_frame[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\mode_linear[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\navbits_finallink[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\printer[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\quote[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\resolved[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\SMB_xw4300_Price_336x280[1].swf Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\threadclosed[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\welcome[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\34376638303137613433343831336230[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\B1672071[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\biggrin[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\confused[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\devx_foot2[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\icon11[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\menu_open[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\mode_threaded[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\mywaybiz[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\post_old[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\randm[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\ruledivide_foot[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\showthread[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\spacer[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\vbulletin_global[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\virtualdr[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\VundoFix[1].exe Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\__utm2[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\asap[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\B1672071[1].4;abr=!ie;sz=336x280;ord=1867698911 Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\bglogo[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\black_arrow[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\collapse_thead[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\dellbiz.myway[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\feed2js[1].php Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\gmoon_badge[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\google[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\grcom_foot[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\icom_foot[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\icon9[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\navbits_start[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\redface[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\subscribe[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\triangle[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\user_offline[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\vbulletin_menu[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\34376638303137613433343831336230[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\clear[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\collapse_tcat[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\dssubmit[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\google[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\headermenu[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\image[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\logo[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\mode_hybrid[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\norm_left[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\norm_right[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\opti_728x90_one[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\red dragon[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\sendtofriend[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\smile[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\thanks2[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\vbulletin_md5[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\weather[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\My Documents\DESKTOP.INI Object is locked skipped
    C:\Documents and Settings\Administrator\My Documents\My Music\Big Kid-You Must Be Kidding -eAlbum-01-03 What Kind of Name Is- -mp3-192- - Sep 09, 2004 14.22.36.mp3 Object is locked skipped
    C:\Documents and Settings\Administrator\My Documents\My Music\Charlie Robison - Good Times.mp3 Object is locked skipped
    C:\Documents and Settings\Administrator\My Documents\My Music\Desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\My Documents\My Music\Kimmie Rhodes - Love Me Like A Song.mp3 Object is locked skipped
    C:\Documents and Settings\Administrator\My Documents\My Music\Musicmatch - It's Way Better With Plus!.mp3 Object is locked skipped
     
