Hijackthis[RESOLVED]

TheTerrorist_75 · February 23, 2007

I will be running some of the online scan shortly plus AVG anti-malware. These logs are to show you what the PC has on it to start. My friends use Limewire but have no knowledge how Kaaza got on here (son maybe?). The McAfee subscription is up and I need to remove it. They now use AOL's protection.

Logfile of HijackThis v1.99.1

Scan saved at 1:06:17 PM, on 2/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

c:\program files\mcafee.com\agent\mcdetect.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\mcafee.com\antivirus\oasclnt.exe

C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\AOL\1100805334\ee\SSCEvtHdlr.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\Program Files\America Online 9.0b\waol.exe

C:\Program Files\America Online 9.0b\shellmon.exe

C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/english

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing)

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100805334\ee\SSCRun.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe

O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm006YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

StartupList report, 2/23/2007, 1:16:58 PM

StartupList version: 1.52.2

Started from : C:\hjt\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16414)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

c:\program files\mcafee.com\agent\mcdetect.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\mcafee.com\antivirus\oasclnt.exe

C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\AOL\1100805334\ee\SSCEvtHdlr.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\Program Files\America Online 9.0b\waol.exe

C:\Program Files\America Online 9.0b\shellmon.exe

C:\hjt\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Frank Calkins\Start Menu\Programs\Startup]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Digital Line Detect.lnk = ?

Event Reminder.lnk = ?

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\system32\igfxtray.exe

HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe

BCMSMMSG = BCMSMMSG.exe

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

AOL Fast Start = "C:\Program Files\America Online 9.0b\AOL.EXE" -b

swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

MySpaceIM = C:\Program Files\MySpace\IM\MySpaceIM.exe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\ssmyst.scr

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) - {00A6FAF1-072E-44cf-8957-5838F569A31D}

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - (no file) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE}

(no name) - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing) - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B}

AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}

(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Phlinx by pogo]

CODEBASE = http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Phlinx by pogo.osd

[browseFolderPopup Class]

InProcServer32 = C:\WINDOWS\MCBin\Shared\MGBrwFld.dll

CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

CODEBASE = http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.exe

[{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}]

CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab

[McAfee.com Operating System Class]

InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll

CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

[Java Plug-in 1.5.0_10]

InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Lernout & Hauspie TruVoice American English TTS Engine]

InProcServer32 = C:\WINDOWS\lhsp\tv\tvenuax.dll

CODEBASE = http://www.talkingbuddy.com/talkingbuddyinstall.exe

[DwnldGroupMgr Class]

InProcServer32 = C:\WINDOWS\system32\mcgdmgr.dll

CODEBASE = http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

[Zylom Games Player]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll

CODEBASE = http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

[Java Plug-in 1.5.0_09]

InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_10]

InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_10]

InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)

aeaudio: system32\drivers\aeaudio.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)

Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (disabled)

Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)

Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)

aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)

aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)

Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)

ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)

AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)

amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)

AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)

AOL TopSpeed Monitor: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (autostart)

AOL Antivirus Update Service: "C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe" (autostart)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)

asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)

asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)

RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)

Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)

BCM V.92 56K Modem: System32\DRIVERS\BCMSM.sys (manual start)

Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Brother MFC Filter Driver: System32\Drivers\Brfilt.sys (manual start)

Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Brother Multi Function Parallel Image driver: System32\DRIVERS\BrParImg.sys (manual start)

Brother WDM Parallel Driver: System32\Drivers\BrParwdm.sys (manual start)

Brother Serial driver: System32\Drivers\BrSerWdm.sys (manual start)

cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)

cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)

CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (autostart)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)

COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)

dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Disk Driver: System32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

dmio: System32\drivers\dmio.sys (disabled)

dmload: System32\drivers\dmload.sys (disabled)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)

Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)

hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)

i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)

i81x: System32\DRIVERS\i81xnt5.sys (manual start)

iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)

iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)

iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)

iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)

iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)

iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)

iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)

iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)

iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)

iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)

ialm: System32\DRIVERS\ialmnt5.sys (manual start)

InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)

CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)

ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)

IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)

Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)

IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)

IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: System32\DRIVERS\ipsec.sys (system)

IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

CA Pest Patrol Realtime Protection Service: "C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe" (autostart)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

McAfee WSC Integration: c:\program files\mcafee.com\agent\mcdetect.exe (autostart)

McAfee McShield: C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (autostart)

McAfee Task Scheduler: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (autostart)

McAfee SecurityCenter Update Manager: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)

Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

mf: System32\DRIVERS\mf.sys (manual start)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

MPFIREWL: System32\Drivers\MpFirewall.sys (system)

McAfee Personal Firewall Service: "C:\Program Files\mcafee.com\personal firewall\MPFService.exe" (autostart)

mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)

WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)

NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)

Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: System32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\System32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: System32\DRIVERS\nv4_mini.sys (manual start)

IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)

OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)

Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PCIIde: System32\DRIVERS\pciide.sys (system)

perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)

perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)

WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Processor Driver: System32\DRIVERS\processr.sys (system)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)

ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)

Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)

ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)

ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)

ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)

Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

Sansa Updater Service: C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (autostart)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)

smwdm: system32\drivers\smwdm.sys (manual start)

Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Filter Driver: System32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3} (manual start)

symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)

symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)

sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)

sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: System32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)

USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)

USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)

VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)

VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)

ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)

WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)

WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)

WpdUsb: System32\Drivers\wpdusb.sys (manual start)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)

Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)

Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 39,889 bytes

Report generated in 0.516 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

therock247uk · February 23, 2007

First download AVG Anti-Spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

[*]Under "Reports"

Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

TheTerrorist_75 · February 23, 2007

Over an hour to scan. There used to be two other accounts that were removed. I have noticed that one of them left behind remains of Kaaza.

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 5:03:12 PM 2/23/2007

+ Scan result:

C:\Program Files\Starware316\bin\Starware316.dll -> Adware.Comet : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@ad-flow[2].txt -> TrackingCookie.Ad-flow : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.Adserver : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.Adserver : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@bluemountain[1].txt -> TrackingCookie.Bluemountain : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@bluemountain[2].txt -> TrackingCookie.Bluemountain : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@com[1].txt -> TrackingCookie.Com : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@com[2].txt -> TrackingCookie.Com : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][2].txt -> TrackingCookie.Enhance : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyghazogpasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][2].txt -> TrackingCookie.Goclick : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.Goclick : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.