Popups Galore - HJT Log Posted

A friend asked me to work on their computer as they were getting a lot of popups. When I turned it on, it was definitely infected as it was prompting me to get online without anything even running other than the basics. After clearing off about 200 items via Ad-Aware and virus scanners (Not including the 300 cookies and what not that Ad-Aware finds, as these were all trojans, malware, spyware and the like), I am still getting some popups. I even went through and found a few things that shouldn't be running, removed them, yet it continues. I have a few leads, but am not completely sure on what's causing all this, so figured I'd post a HJT log and see if anyone can point out what is causing it and how to get rid of it.

Thanks in advance. (HJT Log in next post)

P.S. This is simply a Dell Computer, Windows XP

Comments

  • edited January 2008
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:54:39 PM, on 1/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
    C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\gydjayeA.exe
    C:\windows\system32\mldsregp.exe
    C:\WINDOWS\system32\nwinmndq.exe
    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
    C:\WINDOWS\System32\svchost.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\gydjaye.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcD98ptiQjWyu...
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
    O4 - HKLM\..\Run: [gydjayeA] C:\WINDOWS\gydjayeA.exe
    O4 - HKLM\..\Run: [{7B-B4-4F-FC-ZN}] C:\windows\system32\mldsregp.exe SKY009
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinmndq.exe SKY009
    O4 - HKLM\..\Run: [1ce7b453] rundll32.exe "C:\WINDOWS\system32\valfbsfd.dll",b
    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\nwinmndq.exe
    O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jofdwrdj.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gydjaye.exe
  • Rahina-Rescue Finland
    edited January 2008
    Hello and welcome!

    You are infected ):

    But don't worry, we will get you cleaned up.

    ( 1 )

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    Myway

    Remove everything related to Myway

    ( 2 )

    Download the latest version of Java Runtime Environment (JRE) 6/03

    Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    Click the "Download" button to the right.
    Check the box that says: "Accept License Agreement".
    The page will refresh.

    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.

    Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on the download to install the newest version.

    ( 3 )

    Please download Combofix to your desktop.

    Double-click combo.exe to launch the application.
    Follow the prompts that will be displayed on the screen.
    Don't click on the window while the fix is running, because that will cause your system to hang.
    When finished, it should produce a log, combofix.txt.
    Post this log in your next reply together with a new HijackThis log.
  • edited January 2008
    I figured there were a few things still hanging around on there, but it's still a lot better than it was. I will be sure to test things out tomorrow once I get home from work and I'll update as soon as I do. Thanks.
  • edited January 2008
    Thought we had it for a minute, but just had another popup that looks non-website related. But it has cleared up a lot of the problems and it's running 10x better.

    Here are my two logs:

    HiJackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:26:32 PM, on 1/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
    C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\gydjayeA.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gydjayeA] C:\WINDOWS\gydjayeA.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE
    O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O20 - Winlogon Notify: wvuvtsr - wvuvtsr.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    --
    End of file - 6341 bytes

    ComboFix:

    ComboFix 08-01-09.2 - DAD 2008-01-08 18:29:59.1 - NTFSx86
    Running from: C:\Documents and Settings\DAD\Desktop\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\All Users\Application Data\Starware347
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindIt.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindItHot.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\findithotxp.png
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\finditxp.png
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\Highlight.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\HighlightHot.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlighthotxp.png
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlightxp.png
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\jokesearch.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\logo.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\logoxp.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\buttons\pranks.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\contexts\error.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\contexts\Related.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\contexts\Travel.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\Games\images\active\Games0.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\Movies\images\active\Movies0.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml
    C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml.backup
    C:\Documents and Settings\All Users\Application Data\Starware347\U1AB83CE4.exe
    C:\Documents and Settings\ANDREW\Application Data\Starware347
    C:\Documents and Settings\ANDREW\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Configurator\Configurator.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Configurator\Configurator.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Games\GamesOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Games\GamesOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Layouts\ToolbarLayout.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Manager\ManagerOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Movies\MoviesOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Movies\MoviesOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Pranks\PranksOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Pranks\PranksOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Toolbar\TBProductsOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\Documents and Settings\ANDREW\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\Documents and Settings\ANDREW\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347
    C:\Documents and Settings\DAD\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\Configurator\Configurator.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\Configurator\Configurator.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\Games\GamesOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\Games\GamesOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\Layouts\PitchLayout.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\Layouts\PitchLayout.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\Layouts\PreferencesLayout.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\Layouts\PreferencesLayout.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\Layouts\ToolbarLayout.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\Manager\ManagerOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\Movies\MoviesOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\Movies\MoviesOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\Pranks\PranksOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\Pranks\PranksOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\Toolbar\TBProductsOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\Documents and Settings\DAD\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\Documents and Settings\DAD\Application Data\WNSXS~1
    C:\Documents and Settings\DAD\Start Menu\Programs\Startup\think-adz.lnk
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Documents and Settings\LocalService\Application Data\Starware347
    C:\Documents and Settings\LocalService\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\Configurator\Configurator.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\Configurator\Configurator.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\Games\GamesOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\Games\GamesOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\Layouts\ToolbarLayout.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\Manager\ManagerOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\Movies\MoviesOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\Movies\MoviesOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\Pranks\PranksOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\Pranks\PranksOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\Toolbar\TBProductsOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\Documents and Settings\LocalService\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\Documents and Settings\LocalService\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347
    C:\Documents and Settings\MOM\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\Configurator\Configurator.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\Configurator\Configurator.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\Games\GamesOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\Games\GamesOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\Layouts\ToolbarLayout.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\Manager\ManagerOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\Movies\MoviesOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\Movies\MoviesOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\Pranks\PranksOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\Pranks\PranksOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\Toolbar\TBProductsOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\Documents and Settings\MOM\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\Documents and Settings\MOM\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347
    C:\Documents and Settings\VINCENT\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Configurator\Configurator.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Configurator\Configurator.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Games\GamesOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Games\GamesOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Layouts\ToolbarLayout.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Manager\ManagerOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Movies\MoviesOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Movies\MoviesOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Pranks\PranksOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Pranks\PranksOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Toolbar\TBProductsOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\Documents and Settings\VINCENT\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\Documents and Settings\VINCENT\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\Documents and Settings\VINCENT\Start Menu\Programs\Startup\think-adz.lnk
    C:\Program Files\Common Files\ssembl~1
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
    C:\Program Files\poolsv
    C:\Program Files\poolsv\k11u72.exe
    C:\Program Files\poolsv\svhost.exe
    C:\Program Files\poolsv\wr-1-0000077.exe
    C:\Program Files\poolsv\YazzleBundle-1549.exe
    C:\Program Files\winpop
    C:\temp\0c2
    C:\temp\0c2\tmpFF.log
    C:\temp\brr
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\gydjaye.exe
    C:\WINDOWS\offun.exe
    C:\WINDOWS\poolsv.exe
    C:\WINDOWS\system32\b10FdUe
    C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
    C:\WINDOWS\system32\blpjvttn.exe
    C:\WINDOWS\system32\csjgvwle.dll
    C:\WINDOWS\SYSTEM32\dfsbflav.ini
    C:\WINDOWS\system32\dobe~1
    C:\WINDOWS\system32\driver
    C:\WINDOWS\system32\drivers\fad.sys
    C:\WINDOWS\SYSTEM32\duvubfjk.ini
    C:\WINDOWS\system32\dwdsregt.exe
    C:\WINDOWS\SYSTEM32\gypgibfh.ini
    C:\WINDOWS\system32\hendgaay.exe
    C:\WINDOWS\system32\hfbigpyg.dll
    C:\WINDOWS\SYSTEM32\hwimnosr.ini
    C:\WINDOWS\system32\ijgtxhhi.dll
    C:\WINDOWS\system32\ijpoyatk.dll
    C:\WINDOWS\system32\ipxbyipc.exe
    C:\WINDOWS\system32\jeqlfwnn.dll
    C:\WINDOWS\SYSTEM32\ktayopji.ini
    C:\WINDOWS\SYSTEM32\lpuqxnew.ini
    C:\WINDOWS\system32\lrbdhbeh.dll
    C:\WINDOWS\SYSTEM32\lutagdbx.ini
    C:\WINDOWS\system32\lyqhxlwu.exe
    C:\WINDOWS\SYSTEM32\mjknaaeo.ini
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\SYSTEM32\nbncnfxi.ini
    C:\WINDOWS\system32\ngfxgmig.dll
    C:\WINDOWS\system32\oblmrxai.dll
    C:\WINDOWS\system32\oeaankjm.dll
    C:\WINDOWS\system32\opnlklj.dll
    C:\WINDOWS\system32\pcquyjcf.exe
    C:\WINDOWS\SYSTEM32\pqtss.bak1
    C:\WINDOWS\SYSTEM32\pqtss.bak2
    C:\WINDOWS\SYSTEM32\pqtss.ini
    C:\WINDOWS\SYSTEM32\pqtss.tmp
    C:\WINDOWS\SYSTEM32\pqtss.tmp2
    C:\WINDOWS\system32\qdlchxdw.dll
    C:\WINDOWS\system32\ryscwfer.dll
    C:\WINDOWS\system32\skbegbta.exe
    C:\WINDOWS\system32\sstqp.dll
    C:\WINDOWS\system32\swxxsjfe.exe
    C:\WINDOWS\system32\tpuuvfxn.dll
    C:\WINDOWS\SYSTEM32\wdxhcldq.ini
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\wysdpvkw.dll
    C:\WINDOWS\SYSTEM32\xrcwkyfy.ini
    C:\WINDOWS\system32\yvemxjog.dll
    C:\WINDOWS\system32\Z1
    C:\WINDOWS\system32\Z11
    C:\WINDOWS\system32\Z11\z53.exe
    C:\WINDOWS\system32\Z3
    C:\WINDOWS\system32\Z3\w0716.exe
    C:\WINDOWS\system32\Z5
    C:\WINDOWS\system32\Z7
    C:\WINDOWS\system32\Z9
    C:\WINDOWS\system32\zxdnt3d.cfg
    C:\WINDOWS\TISKY009.exe
    C:\WINDOWS\uninstall_nmon.vbs
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \LEGACY_DOMAINSERVICE
    \LEGACY_NETWORK_MONITOR
    \LEGACY_NET_AGENT
    \LEGACY_WINDOWS_OVERLAY_COMPONENTS
    \DomainService
    \Net Agent
    \Windows Overlay Components

    ((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
    .
    2008-01-08 18:19 . 2000-08-31 08:00 51,200 --a
    C:\WINDOWS\NirCmd.exe
    2008-01-08 18:18 . 2007-09-24 23:31 69,632 --a
    C:\WINDOWS\SYSTEM32\javacpl.cpl
    2008-01-08 18:17 . 2008-01-08 18:18 <DIR> d
    C:\Program Files\Java
    2008-01-08 18:17 . 2008-01-08 18:17 <DIR> d
    C:\Program Files\Common Files\Java
    2008-01-03 20:53 . 2008-01-03 20:53 <DIR> d
    C:\Program Files\Trend Micro
    2008-01-03 14:13 . 2008-01-03 14:13 196,706 --a
    C:\WINDOWS\SYSTEM32\nwinmndq.exe
    2008-01-03 13:03 . 2008-01-03 13:03 2,538 --a
    C:\WINDOWS\SYSTEM32\ebay.ico
    2008-01-03 12:57 . 2007-07-09 08:09 584,192
    C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
    2008-01-03 11:13 . 2008-01-03 11:13 <DIR> d
    C:\Program Files\Lavasoft
    2008-01-03 11:13 . 2008-01-03 11:13 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-03 11:11 . 2008-01-03 11:11 <DIR> d
    C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-29 11:07 . 2004-08-04 02:56 21,504 --a
    C:\WINDOWS\SYSTEM32\hidserv.dll
    2007-12-29 11:07 . 2004-08-04 02:56 21,504 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
    2007-12-29 11:07 . 2004-08-04 00:58 14,848 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
    2007-12-29 11:07 . 2004-08-04 00:58 14,848 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
    2007-12-29 11:07 . 2001-08-17 13:48 12,160 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
    2007-12-29 11:07 . 2001-08-17 13:48 12,160 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    1989-12-12 14:10 1,096,352 --sh--r C:\WINDOWS\gydjayeA.exe
    2005-07-29 20:24 472 --sha-r C:\WINDOWS\REFE\lHIH.vbs
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"="" []
    "McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2004-08-25 06:00 94208]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 02:04 114741]
    "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 02:01 155648]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27 28672]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47 204800]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-05 10:44 151597]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 16:15 139264]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 19:26 245760]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 19:29 184320]
    "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 11:05 53248]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 17:55 180224]
    "Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 10:21 270336]
    "McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2004-07-29 15:55 139264]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-17 00:33 98304]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2004-08-03 19:18 1083392]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20 278528]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-12 18:43 98304]
    "gydjayeA"="C:\WINDOWS\gydjayeA.exe" [1989-12-12 09:10 1096352]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    C:\Documents and Settings\VINCENT\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2004-03-01 19:52:40]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvtsr]
    wvuvtsr.dll
    .
    Contents of the 'Scheduled Tasks' folder
    "2004-01-09 03:28:23 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
    - C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
    "2007-08-07 23:09:26 C:\WINDOWS\Tasks\McAfee Cleanup.job"
    - C:\DOCUME~1\DAD\LOCALS~1\Temp\MCPR.tmp\mccleanup.exeA-p mpfpcu,mpfp,mps,shred,mpscu,mskcu,msk,emproxy,mas,fwdriver,hw,mbk,mcproxy,mhn,mqccu,mqc,shrd,nmc,redir,mna,mwl,msad,vs,msc,mcpr -log
    "2008-01-10 00:24:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DDLN7341-Owner).job"
    - c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
    - c:\PROGRA~1\mcafee.com\agent
    "2008-01-10 00:23:00 C:\WINDOWS\Tasks\McAfee.com Update Check (MYTHREESONS-ANDREW).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
    - C:\PROGRA~1\mcafee.com\agent.ANDREWPMcAfee SecurityCenter periodically checks for updates for your McAfee Services.
    "2008-01-10 00:21:00 C:\WINDOWS\Tasks\McAfee.com Update Check (MYTHREESONS-DAD).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
    - C:\PROGRA~1\mcafee.com\agent
    "2008-01-10 00:23:01 C:\WINDOWS\Tasks\McAfee.com Update Check (MYTHREESONS-MOM).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
    - C:\PROGRA~1\mcafee.com\agent
    "2008-01-10 00:22:00 C:\WINDOWS\Tasks\McAfee.com Update Check (MYTHREESONS-VINCENT).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
    - C:\PROGRA~1\mcafee.com\agent
    "2008-01-10 00:23:01 C:\WINDOWS\Tasks\McAfee.com Update Check (MYTHREESONS-ZACHARY).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
    - C:\PROGRA~1\mcafee.com\agent
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 19:09:41
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-01-09 19:24:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-10 00:24:20
    .
    2008-01-08 22:42:36 --- E O F ---
  • edited January 2008
    Nix that, might have been a popup for SBC Yahoo as I'm not getting the popups now since I reset the browser defaults and changed the homepage. I'll play with it some more, but looks like we're cleared up. Just let me know what the logs say. Thanks.

    P.S. I thought that one program that ComboFix removed was one of the problems, but ComboFix I'm sure did a more thorough removal than I could have alone.
This discussion has been closed.