Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

http://ad.yieldmanager.com/st%3Fad_type & HJT Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby ktreffin » June 10th, 2008, 1:50 pm

Hi Denise,

How are things running? Are you still having trouble? Your DSS log looks good, and the information that we got about your hosts file also looks good.

Please let me know what kind of problems, if any, you are still experiencing? Thanks.

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida
Advertisement
Register to Remove

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby zville123 » June 11th, 2008, 9:45 am

Well, when I log on to the internet, I can now go to my home page...yahoo (literally & figuratively)! I didn't have a chance all day yesterday to even get on my computer so I'm not sure of the other issues yet. Like the mouse clicking noises when I wasn't doing it or losing my connection when everything was saying I was still connected or my computer running slow. Give me a day or 2 to find out if I still have those issues. What was the problem(s) you did find? And how do I avoid them in the future?

I really appreciate your help!!!

Denise
zville123
Regular Member
 
Posts: 30
Joined: June 1st, 2008, 8:46 pm

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby zville123 » June 11th, 2008, 2:47 pm

OK, well, my connectivity issue is not fixed. Road Runner Medic comes up and says network card not configured right to accept IP addresses and has to fix it (I haven't changed anything on my computer). Resets network address. Says problem is fixed every day only to have the same problem the next day. Seems to happen around the same time every day (between 2 to 4 PM) and can happen several times in a row. My 1st attempt at fixing this (before I started talking to you) was to call Time Warner Cable. They sent a tech who said he didn't see a problem but changed the modem.

Any ideas?

Denise
zville123
Regular Member
 
Posts: 30
Joined: June 1st, 2008, 8:46 pm

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby ktreffin » June 12th, 2008, 12:01 pm

Hi Denise,

I am glad that at least some things are looking better. You actually had a program that was a Google/Dell program. This program was redirecting you to a Google/Dell search page whenever you encountered a page that it couldn't open. Your hosts file helps to keep your system safe and prevents you from going to known "bad" sites. The Google/Dell redirector was actually "not getting along with" one of the sites in your hosts file. The yieldmanager.com site is actually a bad site, and is properly listed in your hosts file, in other words it is something you want to avoid.

As far as the connectivity issues go. I am not sure if I can help you with that issue as it seems to be a little outside of my training. We still have a couple of things to do, however once we finish, I will be more than happy point you to general tech support forum that may be able to help you. Lets finish up the few things we have remaining. Please do the following:

Step #1 Fix path variables

  1. Right click on My Computer and select Properties.
  2. Select the Advanced tab.
  3. Click on the Environment Variables button at the bottom right hand corner.
  4. A new window will open. Under System Variables, scroll down to Path and click on Edit.
  5. Please delete everything in the "Variable Value" box.
  6. In the empty variable value box please copy and paste the contents of the code box below into Variable Value box:
    Code: Select all
    C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Internet Explorer;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Nova Development\Greeting Card Factory Express\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem\
  7. Save the settings.

*===============================================*

Step #2: Fix file associations with DSS

    Make sure DSS.exe is on your Desktop
    Next press Start->Run,
    copy/paste the following command into the box and press OK:
"%userprofile%\desktop\dss.exe" /daft

    Press OK to the disclaimer(s) and then press Scan
    Place checkmarks in all the boxes that appear and press Fix
    Then close Deckard's System Scanner

*===============================================*

Step #3: Remove malware lines using Hijack This

Please start HiJackThis as you did to generate a log, but this time click on "Do A System Scan Only".
Place a checkmark in the boxes to the left of the following entries by clicking on them:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <== PLEASE SEE NOTE BELOW
O8 - Extra context menu item: &Search - ?p=ZJYYYYYYLSUS


NOTE:
This is a restriction that may have been set by the Administrator of the computer. If you are the Administrator and DID NOT set this restriction, then please fix it. If you did set it on purpose you may choose not to fix it.

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HIJACKTHIS and click on "Fix Checked".

Once complete, please exit HiJackThis.

*===============================================*

Step #4: Get Extra log from DSS

Once again, please make sure that dss.exe is still on the desktop.

  1. Click Start > Run and copy and paste in "%userprofile%\desktop\dss.exe" /config
  2. Click OK.
  3. This will bring up a pop up box.
  4. Uncheck (untick) all the boxes under Main log section.
  5. Check (tick) all the boxes under Extra log section.
  6. Click on the Scan! button.
  7. When the scan finishes the Extra.txt file will be minimized in taskbar at the bottom of your screen.
  8. Please post this log in your next reply.

*===============================================*

Step #5: Things to put in your next reply

Please post the following in your next reply:
  • A New Hijack This Log
  • Contents of the Extra Log from DSS

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby zville123 » June 12th, 2008, 10:25 pm

OK, I did everything in your last post. Here's the info you wanted:

extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1014.07 MiB / 388.94 MiB
Pagefile Memory (total/avail): 2440.3 MiB / 1615.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1979.09 MiB

C: is Fixed (NTFS) - 228.14 GiB total, 202.87 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-75NCB3 - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 228.14 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB

\\.\PHYSICALDRIVE1 - Generic Flash HS-CF USB Device

\\.\PHYSICALDRIVE2 - Generic Flash HS-COMBO USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Spyware Doctor with AntiVirus v5.5.1.2 (PC Tools)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\lxctcoms.exe"="C:\\WINDOWS\\system32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Disabled:Delivery Manager Service"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Denise Flynn\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D9ZKPKB1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Denise Flynn
LOGONSERVER=\\D9ZKPKB1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Internet Explorer;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Nova Development\Greeting Card Factory Express\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DENISE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DENISE~1\LOCALS~1\Temp
USERDOMAIN=D9ZKPKB1
USERNAME=Denise Flynn
USERPROFILE=C:\Documents and Settings\Denise Flynn
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Denise Flynn (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AccuWeather.com Toolbar for Internet Explorer Users --> MsiExec.exe /I{639EA256-90E5-413E-AC0F-31DC5FC7DCD1}
ACDSee for PENTAX 2.0 --> MsiExec.exe /I{D8320DD6-FE47-41DE-B116-4158B7AE3F37}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A367C28-423C-48E2-8C76-EBA1171F932A}\apxp.ex_" -l0x9
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0691A73F-3801-43A3-A776-9C12BFD68C1A}\setup.exe" -l0x9
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Cook'n with Pillsbury --> C:\PROGRA~1\DVO\COOK'N~1\UNWISE.EXE C:\PROGRA~1\DVO\COOK'N~1\INSTALL.LOG
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Encyclopaedia Britannica CD Installer --> "C:\Program Files\Britannica 2006\Concise\UninstallerData\Uninstall Encyclopaedia Britannica CD Installer.exe"
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Greeting Card Factory Express Workshop --> MsiExec.exe /X{543B24A5-A285-4FE0-AD7B-2F0E49247AF9}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
Intel(R) Quick Resume Technology Drivers --> MsiExec.exe /I{8C22F265-DE76-44D1-8A79-A71D819137DA}
Intel(R) Quick Resume Technology Drivers --> MsiExec.exe /X{8C22F265-DE76-44D1-8A79-A71D819137DA} /qb!
Intel® Viiv™ --> MsiExec.exe /X{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 5400 Series --> C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Memorex exPressit Label Design Studio --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006 --> MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Denise Flynn\Application Data\Move Networks\ie_bin\Uninst.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
OfficeReady OOo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D18E5144-2B47-41DC-851F-68CB05AD7EDE}\setup.exe"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
OpenOffice.org 2.0 --> MsiExec.exe /I{76BB7B2D-748F-4AE9-89C3-78C051833EA1}
Photo Explosion Special Edition --> MsiExec.exe /X{DD040AAA-F295-492B-AD91-C8DC24488273}
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Print Workshop 2006 LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7217DF28-4855-421F-8FD9-377F50E2B93D}\Setup.exe" -l0x9
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
Quicken WillMaker Plus 2006 --> C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2006\uninstal.log
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Road Runner Medic 6.1 --> "C:\Program Files\twc\medicsp2\unins000.exe"
RoadRunner --> MsiExec.exe /I{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Scrapbook Factory 3.0 --> MsiExec.exe /X{08F9879C-0AA3-4B0A-AACE-3498BBCAE175}
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Sunflowers_Screensaver --> C:\WINDOWS\system32\Sunflowers_Screensaver.scr /u
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
The Print Shop 21 --> MsiExec.exe /I{DCF84385-88E3-4472-8144-E95B823FC5DB}
TWC User Controls --> MsiExec.exe /I{DCC72248-D3D2-4846-8499-A400053A430E}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ulead Photo Express My Scrapbook 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF404C21-47EB-4FA5-B920-91746874ED43}\setup.exe" -l0x9
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Weather Add-in for Windows Live Toolbar --> MsiExec.exe /I{0E9804E3-1D94-4D4A-A17D-19777FEF049D}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type332 / Warning
Event Submitted/Written: 06/09/2008 04:29:37 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type322 / Warning
Event Submitted/Written: 06/09/2008 00:10:13 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type296 / Error
Event Submitted/Written: 06/06/2008 00:53:08 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 715265633.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type295 / Error
Event Submitted/Written: 06/06/2008 00:52:55 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module msls31.dll, version 3.10.349.0, fault address 0x0000b971.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type245 / Error
Event Submitted/Written: 05/16/2008 10:39:20 AM
Event ID/Source: 5022 / McLogEvent
Event Description:
3



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18212 / Warning
Event Submitted/Written: 06/12/2008 09:59:01 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001372E2F602. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type18196 / Error
Event Submitted/Written: 06/12/2008 00:55:57 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Intel® Quick Resume Technology Drivers service terminated with the following error:
%%203

Event Record #/Type18195 / Error
Event Submitted/Written: 06/12/2008 00:55:56 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Uninterruptible Power Supply service terminated with the following error:
%%2482

Event Record #/Type18194 / Error
Event Submitted/Written: 06/12/2008 00:55:56 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The KService service failed to start due to the following error:
%%2

Event Record #/Type18192 / Error
Event Submitted/Written: 06/12/2008 00:55:55 PM
Event ID/Source: 2482 / UPS
Event Description:
The UPS service could not access the specified Comm Port.



-- End of Deckard's System Scanner: finished at 2008-06-12 22:18:07 ------------

And the hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:33 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ArcSoft\Software Suite\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Weather Add-in for Windows Live Toolbar\WeatherDataClient.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AccuWeather.com Toolbar - {b0fdbb8e-5c2c-41ed-a18c-228f9b2f598c} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TotalMedia Backup & Record Monitor.lnk = C:\Program Files\ArcSoft\Software Suite\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 12313 bytes


Please let me know if there's anything else I need to do. I'll let you know if I encounter anymore problems.

Thank You,

Denise
zville123
Regular Member
 
Posts: 30
Joined: June 1st, 2008, 8:46 pm

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby ktreffin » June 13th, 2008, 1:27 pm

Congratulations zville123, Your Log appears to be clean! Image

Looks like we have pretty much everything taken care of. As far as the connectivity problems go, I suggest you use the following link to go to the CastleCops General Computer Problems forum for help from a CastleCops SRT...

http://www.castlecops.com/f120-General_ ... blems.html

I recommend that you register before posting your problem. Registered members can receive notification when there has been a reply to their topic. There is no way for CCSP to notify "guests" when they have received a reply.

Now that you are clean, I got some tips & tricks for you to keep your computer clean and secure. The first few (like Windows Update) have to be done, the others are optional (beginning with Spybot S &D).

It may seem like your system will be too much protected with all these things installed, but a lot of programs aren't running always on the background so don't slow down your computer. Please take a look at the following things:

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
Tutorail for Spybot S & D

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can download it here:
SpywareBlaster

Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
WinPatrol
The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.

Update your HOSTS file - Seeing you are already using a Hosts File, lets make sure it is up to date. Please check out the following:

For information on how to download and install, please read this tutorial here:
WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
Firefox << Most used, I use this one myself.
Opera

Bookmark general cleanup links - It could be that your computer is becoming slower and slower. This is not always the cause of malware. Most of the times it's malware when you're computer is suddenly getting slow or doing strange. When the slowdown increases slowly check (so now bookmark) these links for tips & tricks:
Help! My computer is slow
Slow Computer? Check here first; it may not be malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first!

>> Here << you can see how you can help us.

Have a happy computing day!!

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby zville123 » June 13th, 2008, 3:52 pm

I'm going thru and making changes suggested. I'll send another post to let you know when I'm done & how it went. Before I switched to cable modem, I used Foxfire. After I switched to Time Warner Cable, I could no longer use Foxfire. Said it couldn't find proxy server or something like that. If you have suggestions on how I can fix that so I can go back to Foxfire, I would love that!

Denise
zville123
Regular Member
 
Posts: 30
Joined: June 1st, 2008, 8:46 pm

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby zville123 » June 13th, 2008, 4:45 pm

"Update your HOSTS file"...

I don't think I did this correctly as I don't understand the directions.

Denise
zville123
Regular Member
 
Posts: 30
Joined: June 1st, 2008, 8:46 pm

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby zville123 » June 13th, 2008, 4:49 pm

I downloaded Spybot. I used it before but I'm not sure I understand it well enough and might get into trouble. Also, the little box that pops up wanting me to make a decision...most of the time I cannot read everything in the box so I don't want to allow or disallow.

Denise
zville123
Regular Member
 
Posts: 30
Joined: June 1st, 2008, 8:46 pm

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby ktreffin » June 14th, 2008, 9:57 am

Hi Denise,

As far as updating the Hosts file, all you need to do is download the hosts.zip file from the website I gave you. Unzip it and then double click on the mvps.bat file. You should see two prompts: simply click Run and continue on the first prompt. Once updated you should see another prompt that the task was completed. You may see a pop-up from certain Security programs about changes to the HOSTS file. Allow the change... That will take care of updating the hosts file for you.

The Spybot program is rather optional. It does provide good protection and is a useful tool, however you may choose not to install it if you are unsure about it. I know most of those boxes do contain a lot of technical jargon, however it is important to read them and see if you recognize anything. Obviously you don't want to allow anything your unsure about without checking it to make sure it is legitimate. Like I said, it is optional, if you would feel more comfortable without it, that is fine.

Please let me know if you have any other questions. Thanks.

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby zville123 » June 14th, 2008, 5:50 pm

"The proxy server is refusing connection.

Firefox is configured to use a proxy server that is refusing connections.

* Check the proxy settings to make sure that they are correct.

* Contact your network administrator to make sure the proxy server is
working."

This is the message I received when I tried to use Foxfire. As I said earlier, I used Foxfire prior to using Time Warner's RoadRunner. Any suggestions on how I can go back to using Foxfire would be appreciated.

Denise
zville123
Regular Member
 
Posts: 30
Joined: June 1st, 2008, 8:46 pm

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby ktreffin » June 15th, 2008, 9:37 am

Hi Denise,

Not sure if I can offer a lot of help with this, however as a FireFox user myself, maybe this will help you. Please do the following:

  1. Open Firefox and under the "Tools" menu choose "Options"
  2. Click on the "Advanced" button
  3. Under the "Network" tab click the button that says "Settings" under Connection
  4. I am using FIOS and mine is set to "Direct connection to the internet" choose this if not selected and see if that solves the problem.
  5. You may also want to try the "Auto-detect proxy settings for the network" and see if that works if the other one didn't.

I can't guarantee anything, but it is worth a shot. Hopefully it will solve your problem.

Let me know what happens.

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby zville123 » June 15th, 2008, 3:12 pm

Ken,

Well, I believe I did get the host file updated. And I did get Foxfire working with your suggestions! That's great! Now if you can help me remember how to switch my email over, I would be eternally grateful :D

And I did download Spybot and will give it another chance.

Denise
zville123
Regular Member
 
Posts: 30
Joined: June 1st, 2008, 8:46 pm

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby zville123 » June 15th, 2008, 5:47 pm

Well, looks like I spoke too soon. Having problems with Foxfire. It doesn't shut down when I close it. I get a box so that I have to manually end Foxfire & risk losing data. When I restart the computer and try to start Foxfire, the window doesn't come up. But when I go to shut down my computer, get the same box that says Foxfirre is running & not shutting down so I have to do it manually. I have been able (so far) to use Opera. But this is the 1st time I've used it so it's all new to me. I don't know how to switch my email from Outlook Express to one of these other internet programs.

Please help,

Denise
zville123
Regular Member
 
Posts: 30
Joined: June 1st, 2008, 8:46 pm

Re: http://ad.yieldmanager.com/st%3Fad_type & HJT Log

Unread postby ktreffin » June 17th, 2008, 10:02 am

Hi Denise,

At this point I really think it would be best if you went to a General Tech Support forum. The link that I provided you earlier seems to be down at the moment however here are some others that offer this kind of assistance:

http://forums.whatthetech.com/forums.html
http://www.techguy.org/
http://www.bleepingcomputer.com/forums/

I am comfortable in telling you that your problems are not malware related, and I believe the experts at these other forums may be able to provide you with better assistance with the remaining issues. You can certainly advise the helper that assists you that you were at this forum and we assisted you in cleaning your system.

Good luck with the remaining issues. I am sure you will be able to resolve them quickly.

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 55 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware