explorer.exe 0xc0000005 error


jeff1111
Member with 38 posts.
Join Date: Apr 2008
Experience: Intermediate
18-Apr-2008, 04:48 PM #1
explorer.exe 0xc0000005 error
Hopefully I am posting this in the right section.

Running Windows XP

Last week I was getting an error upon login to windows where it said a file
called: browseui.dll was corrupt.
no icons would show up on the desktop and i could not get to my files (explorer) or folders.

i could access the task manager so i copied a new browseui.dll file to the folder
c:\windows\system32 and it fixed the problem, though every day it would reappear.

avast virus scan and ms defender found no viruses

today i got the same problem but also an error message
explorer.exe 0xc0000005 error

again no desktop icons and unable to get to files or folders-- even when i replaced the browseui.dll file

have searched around but not finding a solution....

i already tried a system restore to a couple weeks ago
and no change. i also already tried to download a patch but that
did nothing.


suggestions appreciated....

though remember i do not have a way to find or get to a file i may download. unless someone can tell me how to do that as well.

this is a business computer with many files i need to access and/or copy off so any help would be greatly
appreciated.

thanks.
JSntgRvr
Distinguished Member with 13,990 posts.
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
18-Apr-2008, 06:20 PM #2
Hi, jeff1111.

Welcome to TSG.

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
__________________
Sometimes I think I understand everything,
then I regain consciousness.



If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for 5 days will no longer be part of my subscriptions. For further help, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.
jeff1111
18-Apr-2008, 10:19 PM #3
Hijack This Log
Thanks, I did as you posted, here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:12 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.createthechange.com/news.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vitagenesis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm265MFUS
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://racing.youbet.com/wr_6_1/controls/ybrequest.cab
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet.com/wr_6_1/controls/YBUICtrl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9109 bytes
JSntgRvr
19-Apr-2008, 11:20 AM #4
Hi, jeff1111

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

MyWebSearch

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\MyWebSearch

Restart the computer.

Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the main.txt and the extra.txt in your next reply.
If the files are too long, attach them to a reply:
  1. Scroll down and click the [Manage Attachments] button
  2. Browse to the following folder:
    • C:\Deckard\System Scanner
  3. Click Upload to upload these files one by one
  4. Submit your reply
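Added example, not part of the thread and not HijackThis code: a small Python parser for the HijackThis log format posted in reply #3, used to list every entry that loads a file from a folder slated for removal (here `C:\Program Files\MyWebSearch`, as in reply #4) and to show files registered under more than one section. The sample is a constructed excerpt of lines copied from that log; all function names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed excerpt: lines copied from the HijackThis log in reply #3.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\taskmgr.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm265MFUS
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Meaning of the section codes that appear in the log on this page.
SECTION_MEANING = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
    "O12": "IE plugin", "O16": "ActiveX control (DPF)",
    "O23": "Windows service",
}

# An entry line is "<code> - <rest>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in a loadable file type; stops before arguments.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:dll|exe|ocx|htm)\b', re.I)


@dataclass
class Entry:
    code: str
    body: str
    clsids: list = field(default_factory=list)
    paths: list = field(default_factory=list)


def parse_log(text):
    """Return one Entry per 'R#/O# - ...' line, skipping everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        entries.append(Entry(m.group("code"), body,
                             CLSID_RE.findall(body), PATH_RE.findall(body)))
    return entries


def entries_under(entries, folder):
    """Entries that load a file from `folder` or below (case-insensitive).

    8.3 short names such as PROGRA~1 cannot be expanded offline, so they
    only match when `folder` is given in the same short form.
    """
    prefix = folder.rstrip("\\").lower() + "\\"
    return [e for e in entries
            if any(p.lower().startswith(prefix) for p in e.paths)]


def shared_files(entries):
    """Map each file registered by more than one entry to the entry codes."""
    seen = defaultdict(list)
    for e in entries:
        for p in {x.lower() for x in e.paths}:
            seen[p].append(e.code)
    return {p: codes for p, codes in seen.items() if len(codes) > 1}


def mentions(entries, keyword):
    """Entries whose text contains `keyword` anywhere, including URLs."""
    return [e for e in entries if keyword.lower() in e.body.lower()]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in entries_under(parsed, r"C:\Program Files\MyWebSearch"):
        print(e.code, SECTION_MEANING.get(e.code, "?"), "->", e.paths[0])
    for path, codes in shared_files(parsed).items():
        print("registered more than once:", path, codes)
    for e in mentions(parsed, "mywebsearch"):
        print("mentions keyword:", e.code, e.body)
```

Path matching and keyword matching give different result sets: an entry that points only at a URL has no file path, so it appears under `mentions` but not under `entries_under`.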
jeff1111
19-Apr-2008, 02:03 PM #5
I followed the instructions and all went well until I tried to run
the dss.exe file I downloaded. Tried it three times and it started
and got to the point where it said: Backing Up Registry Hives
and then my computer would reboot.

The icons have reappeared though, which is good. Yet there still may be
a virus or problem? If you can please let me know why you think the dss.exe
execution would cause my computer to reboot and if there is anything
i can do to get it to run as you requested.

thanks,
Jeff
jeff1111
19-Apr-2008, 02:15 PM #6
update
Update,

I tried the dss.exe again and this time it got
past the Hives back up but then when it got to
the Temporary Files I got this message:

dss.exe has encountered a problem and needs to
close.

Error signature
AppName: dss.exe AppVer 3.2.8.1 ModName dss.dll
ModVer 0.0.0.0 Offset 00002120

Exception information
Code: 0xc000000d
Flags: 0x00000000
JSntgRvr
19-Apr-2008, 03:16 PM #7
Hi, jeff1111

Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a batch file. Once extracted, double click on the RunMe.bat and post the contents of the resulting report.

Download OTScanit.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanit on your desktop. OTScanit can be detected as malware by your firewall and Antivirus. Choose Ignore on any warning alert.
  1. Close any open browsers.
  2. Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  3. Now click the Run Scan button on the toolbar.
  4. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  5. When the scan is complete Notepad will open with the report file loaded in it.
  6. Save that notepad file
Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it).
Attached Files
File Type: zip FindFiles.zip (22.7 KB, 5 views)
jeff1111
19-Apr-2008, 05:12 PM #8
files attached
Thanks,

I did these steps and have attached both results files.

- Jeff
Attached Files
File Type: txt OTScanIt.Txt (395.5 KB, 12 views)
File Type: txt Results.txt (223 Bytes, 11 views)
JSntgRvr
19-Apr-2008, 08:54 PM #9
Hi, jeff1111

You have been running programs from the temporary folders. Nothing should be run from these. If you need to download and run a program, make sure you run that program from a Permanent folder such as your desktop.

Start OTScanit. Copy/Paste the information in the Quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.


Code:
[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Capture Text -> []
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
YN -> FunWebProducts -> 
YN -> SU 3.011 -> StumbleUpon Version String
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YY -> ic32pp:{BBCA9F81-8F4F-11D2-90FF-0080C83D3571} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\wc98pp.dll[Reg Error: Value  does not exist or could not be read.]
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\\.Owner -> {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}
[Files/Folders - Created Within 30 days]
YY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat
NY -> 16 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZD8DN9NW\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZD8DN9NW\*.tmp
NY -> CF06674C-EDA6-48df-B12C-F810984ACF54.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\CF06674C-EDA6-48df-B12C-F810984ACF54.exe
NY -> dotnetfx3setup.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\dotnetfx3setup.exe
NY -> install.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\install.exe
NY -> JingSetup1.2.5.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\JingSetup1.2.5.exe
NY -> msgup810_249_us.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\msgup810_249_us.exe
NY -> msgup810_401_us.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\msgup810_401_us.exe
NY -> msgup810_421_us.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\msgup810_421_us.exe
NY -> msgup_us.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\msgup_us.exe
NY -> WiseUpdX.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\WiseUpdX.exe
NY -> ymsgr.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\ymsgr.exe
NY -> 4023 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp
NY -> uninstall.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\{257079CA-2FFD-4C92-A1B5-3AE466ECEF22}\uninstall.exe
NY -> update.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\{257079CA-2FFD-4C92-A1B5-3AE466ECEF22}\update.exe
NY -> 3 C:\Documents and Settings\Jeff\Local Settings\Temp\{257079CA-2FFD-4C92-A1B5-3AE466ECEF22}\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\{257079CA-2FFD-4C92-A1B5-3AE466ECEF22}\*.tmp
NY -> QuickTimeInstaller.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\{336C06E7-0219-44AF-8593-E2009E24FCCD}\QuickTimeInstaller.exe
NY -> Drvldr.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\{D0B62912-F69C-4F35-BAC6-8460F7DF6C3C}\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Roxio\Drvldr.exe
NY -> setup.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\{D0B62912-F69C-4F35-BAC6-8460F7DF6C3C}\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Roxio\setup.exe
NY -> md5deep.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~aidlpks.tmp\md5deep.exe
NY -> sed.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~aidlpks.tmp\sed.exe
NY -> swreg.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~aidlpks.tmp\swreg.exe
NY -> md5deep.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~dykoriw.tmp\md5deep.exe
NY -> sed.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~dykoriw.tmp\sed.exe
NY -> md5deep.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~eijtxmu.tmp\md5deep.exe
NY -> sed.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~eijtxmu.tmp\sed.exe
NY -> swreg.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~eijtxmu.tmp\swreg.exe
NY -> md5deep.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~fyivshr.tmp\md5deep.exe
NY -> sed.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~fyivshr.tmp\sed.exe
NY -> swreg.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~fyivshr.tmp\swreg.exe
NY -> md5deep.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~mjgjgtc.tmp\md5deep.exe
NY -> sed.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~mjgjgtc.tmp\sed.exe
NY -> swreg.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~mjgjgtc.tmp\swreg.exe
NY -> md5deep.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~smqgbhg.tmp\md5deep.exe
NY -> sed.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~smqgbhg.tmp\sed.exe
NY -> swreg.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\~smqgbhg.tmp\swreg.exe
NY -> INVISUSSpywareScan.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\is-MCQER.tmp\INVISUSSpywareScan.exe
NY -> SetupX.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\SetupX.exe
NY -> 50comupd.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\50comupd.exe
NY -> instmsia.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\instmsia.exe
NY -> instmsiw.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\instmsiw.exe
NY -> ShFolder.Exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\ShFolder.Exe
NY -> NeroDelTmp.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Setup\NeroDelTmp.exe
NY -> UninstallNero.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Setup\UninstallNero.exe
NY -> Secret Crystals and Gemstones Vol I eBook.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Directory 1 for Secret_Crystals_and_Gemstones_Vol_I_eBook.zip\Secret Crystals and Gemstones Vol I eBook.exe
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for Secret_Crystals_and_Gemstones_Vol_I_eBook.zip\Secret Crystals and Gemstones Vol I eBook.exe:Zone.Identifier
NY -> Setup.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Directory 1 for sothink-free-menu-builder.zip\Disk1\Setup.exe
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for sothink-free-menu-builder.zip\Disk1\Setup.exe:Zone.Identifier
NY -> Secret Crystals and Gemstones Vol I eBook.exe -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Directory 2 for Secret_Crystals_and_Gemstones_Vol_I_eBook.zip\Secret Crystals and Gemstones Vol I eBook.exe
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 2 for Secret_Crystals_and_Gemstones_Vol_I_eBook.zip\Secret Crystals and Gemstones Vol I eBook.exe:Zone.Identifier
NY -> AcsInstall.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\AcsInstall.dll
NY -> AOLFirewallMgr.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\AOLFirewallMgr.dll
NY -> AOLInstallerfw.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\AOLInstallerfw.dll
NY -> insmac2k.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\insmac2k.dll
NY -> instph.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\instph.dll
NY -> QTInstallerHelper.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\QTInstallerHelper.dll
NY -> SHFOLDER.DLL -> C:\Documents and Settings\Jeff\Local Settings\Temp\SHFOLDER.DLL
NY -> uninst.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\uninst.dll
NY -> ywiseext.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\ywiseext.dll
NY -> 4023 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp
NY -> 5596adc.DLL -> C:\Documents and Settings\Jeff\Local Settings\Temp\_ISTMP1.DIR\_ISTMP1.DIR\5596adc.DLL
NY -> Adobeisf.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\_ISTMP1.DIR\_ISTMP1.DIR\Adobeisf.dll
NY -> Adobeupd.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\_ISTMP1.DIR\_ISTMP1.DIR\Adobeupd.dll
NY -> patchw32.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\_ISTMP1.DIR\_ISTMP1.DIR\patchw32.dll
NY -> CondMgr.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\CondMgr.dll
NY -> HSAPI.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\HSAPI.dll
NY -> dss.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\~aidlpks.tmp\dss.dll
NY -> dss.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\~dykoriw.tmp\dss.dll
NY -> dss.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\~eijtxmu.tmp\dss.dll
NY -> dss.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\~fyivshr.tmp\dss.dll
NY -> dss.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\~mjgjgtc.tmp\dss.dll
NY -> pncrt.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\~rnsetup\pncrt.dll
NY -> pnrs3260.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\~rnsetup\pnrs3260.dll
NY -> dss.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\~smqgbhg.tmp\dss.dll
NY -> asycfilt.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\MS\System\asycfilt.dll
NY -> mfc42.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\MS\System\mfc42.dll
NY -> msvcirt.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\MS\System\msvcirt.dll
NY -> msvcp60.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\MS\System\msvcp60.dll
NY -> msvcrt.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\MS\System\msvcrt.dll
NY -> oleaut32.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\MS\System\oleaut32.dll
NY -> olepro32.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Redist\MS\System\olepro32.dll
NY -> APATCH.DLL -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Setup\APATCH.DLL
NY -> nps.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Setup\nps.dll
NY -> unrar.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\NeroDemo9598\Setup\unrar.dll
NY -> AdvrCntr2.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nro.tmp\AdvrCntr2.dll
NY -> ShellManager.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nro.tmp\ShellManager.dll
NY -> ShellManager10E2D762.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nro.tmp\ShellManager10E2D762.dll
NY -> 1 C:\Documents and Settings\Jeff\Local Settings\Temp\nro.tmp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\nro.tmp\*.tmp
NY -> System.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsi414.tmp\System.dll
NY -> InetLoad.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsvD74.tmp\InetLoad.dll
NY -> InstallOptions.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsvD74.tmp\InstallOptions.dll
NY -> System.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsvD74.tmp\System.dll
NY -> UserInfo.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsvD74.tmp\UserInfo.dll
NY -> InetLoad.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsxD70.tmp\InetLoad.dll
NY -> InstallOptions.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsxD70.tmp\InstallOptions.dll
NY -> System.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsxD70.tmp\System.dll
NY -> UserInfo.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsxD70.tmp\UserInfo.dll
NY -> rhaplog.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\Rhapsody\rhaplog.dll
NY -> rspov2701.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\RSPSoftware\rspov2701.dll
NY -> js3250.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\tb_temp\xpcom.ns\bin\js3250.dll
NY -> nspr4.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\tb_temp\xpcom.ns\bin\nspr4.dll
NY -> plc4.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\tb_temp\xpcom.ns\bin\plc4.dll
NY -> plds4.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\tb_temp\xpcom.ns\bin\plds4.dll
NY -> xpcom_compat.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\tb_temp\xpcom.ns\bin\xpcom_compat.dll
NY -> xpcom_core.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\tb_temp\xpcom.ns\bin\xpcom_core.dll
NY -> jar50.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\tb_temp\xpcom.ns\bin\components\jar50.dll
NY -> jsd3250.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\tb_temp\xpcom.ns\bin\components\jsd3250.dll
NY -> xpinstal.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\tb_temp\xpcom.ns\bin\components\xpinstal.dll
NY -> pcp.dat -> C:\Documents and Settings\Jeff\Local Settings\Temp\pcp.dat
NY -> Perflib_Perfdata_1e4.dat -> C:\Documents and Settings\Jeff\Local Settings\Temp\Perflib_Perfdata_1e4.dat
NY -> Perflib_Perfdata_d08.dat -> C:\Documents and Settings\Jeff\Local Settings\Temp\Perflib_Perfdata_d08.dat
NY -> Perflib_Perfdata_e9c.dat -> C:\Documents and Settings\Jeff\Local Settings\Temp\Perflib_Perfdata_e9c.dat
NY -> 4023 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp
NY -> 1a162918f4e459e3f12678cf55c8c460.dat -> C:\Documents and Settings\Jeff\Local Settings\Temp\{257079CA-2FFD-4C92-A1B5-3AE466ECEF22}\cache\1a162918f4e459e3f12678cf55c8c460.dat
NY -> 4194-1~3.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\4194-1~3.ini
NY -> addonsb.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\addonsb.ini
NY -> AOLFirewallMgr.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\AOLFirewallMgr.ini
NY -> aolsetup.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\aolsetup.ini
NY -> Dll_.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\Dll_.ini
NY -> setup.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\setup.ini
NY -> {AC76BA86-1033-F400-7760-000000000003}.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\{AC76BA86-1033-F400-7760-000000000003}.ini
NY -> 4023 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp
NY -> AdobeIns.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\_ISTMP1.DIR\_ISTMP1.DIR\AdobeIns.ini
NY -> 0x0409.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\{D0B62912-F69C-4F35-BAC6-8460F7DF6C3C}\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Roxio\0x0409.ini
NY -> Setup.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\{D0B62912-F69C-4F35-BAC6-8460F7DF6C3C}\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Roxio\Setup.ini
NY -> vtipres.INI -> C:\Documents and Settings\Jeff\Local Settings\Temp\FrontPageTempDir\vtipres.INI
NY -> 106 C:\Documents and Settings\Jeff\Local Settings\Temp\FrontPageTempDir\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\FrontPageTempDir\*.tmp
NY -> ioSpecial.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsvD74.tmp\ioSpecial.ini
NY -> ioSpecial.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\nsxD70.tmp\ioSpecial.ini
NY -> z-BornRich.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Directory 1 for bornrich.zip\z-BornRich.ini
NY -> z-BornRich.ini -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Directory 2 for bornrich.zip\z-BornRich.ini
NY -> 1 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HMRGLQJ\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HMRGLQJ\*.tmp
NY -> 57 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\1V7FH1KU\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\1V7FH1KU\*.tmp
NY -> 54 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PIV8D2N\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PIV8D2N\*.tmp
NY -> 6 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJEBIHUB\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJEBIHUB\*.tmp
NY -> 80 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\AXO769M9\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\AXO769M9\*.tmp
NY -> 23 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\DZIPVR1T\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\DZIPVR1T\*.tmp
NY -> 13 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\GDE3STU3\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\GDE3STU3\*.tmp
NY -> 3 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\HBNZ2FLN\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\HBNZ2FLN\*.tmp
NY -> 15 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\N0YFAG1Y\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\N0YFAG1Y\*.tmp
NY -> 18 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHYRO9YN\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHYRO9YN\*.tmp
NY -> 7 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\S54JW3SJ\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\S54JW3SJ\*.tmp
NY -> 15 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNH3A2FP\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNH3A2FP\*.tmp
NY -> 3 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOD5RRZN\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOD5RRZN\*.tmp
NY -> 66 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5U3CP6B\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5U3CP6B\*.tmp
NY -> 15 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\YX523QLS\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\YX523QLS\*.tmp
NY -> 16 C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZD8DN9NW\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZD8DN9NW\*.tmp
NY -> capture.exe -> C:\WINDOWS\Temp\capture.exe
NY -> ~GL_1476.EXE -> C:\WINDOWS\Temp\~GL_1476.EXE
NY -> 97 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> saver.dll -> C:\WINDOWS\Temp\saver.dll
NY -> 97 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Extra Files]
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\0HMRGLQJ\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\1V7FH1KU\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PIV8D2N\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\AJEBIHUB\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\DZIPVR1T\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\EDELOXGZ\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\GDE3STU3\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\HBNZ2FLN\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\N0YFAG1Y\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\N8H5F08C\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHYRO9YN\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\OLW56NK1\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q7GTADSR\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\S54JW3SJ\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\S54JW3SJ\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNH3A2FP\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNH3A2FP\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOD5RRZN\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\UOD5RRZN\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5U3CP6B\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\YX523QLS\*.*
C:\Documents and Settings\Jeff\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZD8DN9NW\*.*
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanit scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
__________________
Sometimes I think I understand everything,
then I regain consciousness.



If I have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for 5 days will no longer be part of my subscriptions. For further help, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.
jeff1111's Avatar
Computer Specs
Member with 38 posts.
 
Join Date: Apr 2008
Experience: Intermediate
19-Apr-2008, 09:44 PM #10
It looks to me like the Otscanit program is in my desktop folder, so I am not sure how I am running them from a temporary folder.

C:\Documents and Settings\Jeff\Desktop\OTScanIt

But I ran this as you suggested and:

1. Did not see a box pop up saying it was finished; a box popped up saying it needed to reboot the computer to finish moving files.

2. I clicked Ok and it rebooted fine.

Not sure what files to include but I have attached one of two log files I see in a folder called Moved Files. The second one will not attach as it is probably too big; it is 2.45 MB (2,574,956 bytes) and called 04192008_211146.log


I also included the Otscanit.txt file even though that seems to be time stamped this afternoon.

I hope I did this correctly, please let me know if I need to rerun it or something?

I appreciate all the help you have given so far, - Jeff
Attached Files
File Type: txt OTScanIt.Txt (395.5 KB, 10 views)
File Type: log 04192008_213002.log (38.4 KB, 11 views)
JSntgRvr's Avatar
Distinguished Member with 13,990 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
19-Apr-2008, 11:08 PM #11
The OTScanIt report is the same report submitted earlier. Please re-scan with OTScanIt and post a fresh report.
jeff1111's Avatar
Computer Specs
Member with 38 posts.
 
Join Date: Apr 2008
Experience: Intermediate
20-Apr-2008, 12:07 AM #12
re-scan with OTScanIt - fresh report
I re-scanned with OTScanIt and have attached the fresh report.

Thank you.
Attached Files
File Type: txt OTScanIt.Txt (79.8 KB, 36 views)
JSntgRvr's Avatar
Distinguished Member with 13,990 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
20-Apr-2008, 10:48 AM #13
Hi, jeff1111

It looks much better.

Please do an online scan with Kaspersky WebScanner (use Internet Explorer).

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
jeff1111's Avatar
Computer Specs
Member with 38 posts.
 
Join Date: Apr 2008
Experience: Intermediate
20-Apr-2008, 12:31 PM #14
The scan ran for about 20 minutes and the screen/computer froze up.
I had to reboot to do anything.

Will try it again and post if it runs through.

Update, I did have the browseui.dll file corrupted again this morning (no icons on desktop) and they returned after I corrected that file.

Computer has rebooted itself twice (this has happened in the past as well) for no apparent reason.

Again, many thanks for your continued help with this. - Jeff
JSntgRvr's Avatar
Distinguished Member with 13,990 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
20-Apr-2008, 06:07 PM #15
Hi, jeff1111

Try DSS.exe once again, if the issue persists, please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
All times are GMT -4. The time now is 02:19 AM.