Windows XP Program Files

[jnan1954]

what is programfiles\commonfiles\paretologic\uus2\uus.dll  this has been coming up on a daily basis 2-3 times a day for the last month.  Thank you.

[Dias de verano]

You possibly have a spyware infection.

[Broni]

Do\did you have any ParetoLogic: http://www.paretologic.com/products/index.aspx product installed?

[jnan1954]

No I don't have any paretologic software installed.  Thanks for the help.  Searched everything and nothing comes up.

[Dias de verano]

I mentioned spyware because I did a google and found that there is a known virus that disguises itself as uus.dll and even creates a folder named C:\Program Files\Common Files\ParetoLogic\UUS\ to hide in.

It is sometimes called Trojan.Virtumonde or Vundo, and is difficult to remove. Spybot finds & deletes it but it returns in many cases.

I suggest that malware specialists be consulted.

[Broni]

We better check...

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

[jnan1954]

Here is the first scan from Super Antispyware

The only thing I had was Cookies but I deleted everything anyway.  Will be sent in 2 parts

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/27/2008 at 01:25 AM

Application Version : 4.1.1046

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type       : Complete Scan
Total Scan Time : 03:19:08

Memory items scanned      : 165
Memory threats detected   : 0
Registry items scanned    : 5241
Registry threats detected : 0
File items scanned        : 78839
File threats detected     : 276

Adware.Tracking Cookie
   C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@10click[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@247realmedia[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
   C:\Documents and Settings\Owner\Cookies\owner@adbrite[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@adbureau[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@adecn[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@adinterax[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@adlegend[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@adviva[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@bfast[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@bizrate[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@bravenet[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@chitika[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@click-n-order[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@click-to-download[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@collective-media[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@dealtime[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@dietpilldiscounts[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@discountours[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@dmtracker[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@easy-hit-counters[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@enhance[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@findmyorder[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@gostats[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@imrworldwide[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@indexstats[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@indextools[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@insightexpressai[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@interclick[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@keywordmax[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@kontera[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@lynxtrack[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@media6degrees[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@mystats[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@nextag[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@partner2profit[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@peoplefinders[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   

[jnan1954]

Here is the 2nd part for the SuperAntispyware scan:

C:\Documents and Settings\Owner\Cookies\owner@qnsr[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
   C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@roiservice[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][6].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][7].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][8].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@search4clicks[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][6].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][7].txt
   C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@superstats[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@toplist[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@trafficdashboard[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@traffic[1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@tripod[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@valueclick[2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][5].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][7].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
   C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@adecn[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@bravenet[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@clicksmartaffiliates[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@directtrack[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@hypertracker[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@indextools[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@keywordmax[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@linksynergy[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@liveperson[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@lynxtrack[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@mediabreakaway[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@mywebsearch[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@redorbit[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@revenue[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][3].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\My Documents\My Documents\Documents and Settings\Owner\Cookies\[email protected][1].txt

[jnan1954]

Here's the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.12
Database version: 790

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 122955
Time elapsed: 1 hour(s), 1 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks

[jnan1954]

Here is the hijackthis log   THANKS   

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:39 PM, on 5/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202183579750
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.bigfishgames.com/en_mysterysolitairese/online/SpinTopGamesLauncher.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7045 bytes

[Broni]

Logs are clean.

Open Windows Explorer, navigate to:
C:\WINDOWS\Tasks, and see, if you have an entry, or sub-folder, named:
Pareto UNS.job
If so, delete it.

Let me know.

[jnan1954]

There is a Paretologic registration under tasks I have deleted it.  Don't know how it got there. Thank you very much for your help.  Every once in awhile I run into something that I just can't figure out.  I will keep your website on hand just in case.  Glad it was a bug or anything.  Thanks again JNAN1954

[Broni]

I'm glad, it's fixed
Possibly, it was "drive-by-install", while installing some other program.