HijackThis [RESOLVED]



I will be running some of the online scans shortly plus AVG anti-malware. These logs are to show you what the PC has on it to start. My friends use Limewire but have no knowledge of how Kazaa got on here (son maybe?). The McAfee subscription is up and I need to remove it. They now use AOL's protection.

Logfile of HijackThis v1.99.1

Scan saved at 1:06:17 PM, on 2/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

c:\program files\mcafee.com\agent\mcdetect.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\mcafee.com\antivirus\oasclnt.exe

C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\AOL\1100805334\ee\SSCEvtHdlr.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\Program Files\America Online 9.0b\waol.exe

C:\Program Files\America Online 9.0b\shellmon.exe

C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/english

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing)

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100805334\ee\SSCRun.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe

O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm006YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

StartupList report, 2/23/2007, 1:16:58 PM

StartupList version: 1.52.2

Started from : C:\hjt\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16414)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

c:\program files\mcafee.com\agent\mcdetect.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\mcafee.com\antivirus\oasclnt.exe

C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\AOL\1100805334\ee\SSCEvtHdlr.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\Program Files\America Online 9.0b\waol.exe

C:\Program Files\America Online 9.0b\shellmon.exe

C:\hjt\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Frank Calkins\Start Menu\Programs\Startup]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Digital Line Detect.lnk = ?

Event Reminder.lnk = ?

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\system32\igfxtray.exe

HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe

BCMSMMSG = BCMSMMSG.exe

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

AOL Fast Start = "C:\Program Files\America Online 9.0b\AOL.EXE" -b

swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

MySpaceIM = C:\Program Files\MySpace\IM\MySpaceIM.exe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\ssmyst.scr

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) - {00A6FAF1-072E-44cf-8957-5838F569A31D}

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - (no file) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE}

(no name) - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing) - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B}

AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}

(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Phlinx by pogo]

CODEBASE = http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Phlinx by pogo.osd

[browseFolderPopup Class]

InProcServer32 = C:\WINDOWS\MCBin\Shared\MGBrwFld.dll

CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

CODEBASE = http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.exe

[{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}]

CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab

[McAfee.com Operating System Class]

InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll

CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

[Java Plug-in 1.5.0_10]

InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Lernout & Hauspie TruVoice American English TTS Engine]

InProcServer32 = C:\WINDOWS\lhsp\tv\tvenuax.dll

CODEBASE = http://www.talkingbuddy.com/talkingbuddyinstall.exe

[DwnldGroupMgr Class]

InProcServer32 = C:\WINDOWS\system32\mcgdmgr.dll

CODEBASE = http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

[Zylom Games Player]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll

CODEBASE = http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

[Java Plug-in 1.5.0_09]

InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_10]

InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_10]

InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)

aeaudio: system32\drivers\aeaudio.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)

Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (disabled)

Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)

Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)

aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)

aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)

Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)

ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)

AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)

amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)

AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)

AOL TopSpeed Monitor: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (autostart)

AOL Antivirus Update Service: "C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe" (autostart)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)

asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)

asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)

RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)

Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)

BCM V.92 56K Modem: System32\DRIVERS\BCMSM.sys (manual start)

Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Brother MFC Filter Driver: System32\Drivers\Brfilt.sys (manual start)

Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Brother Multi Function Parallel Image driver: System32\DRIVERS\BrParImg.sys (manual start)

Brother WDM Parallel Driver: System32\Drivers\BrParwdm.sys (manual start)

Brother Serial driver: System32\Drivers\BrSerWdm.sys (manual start)

cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)

cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)

CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (autostart)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)

COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)

dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Disk Driver: System32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

dmio: System32\drivers\dmio.sys (disabled)

dmload: System32\drivers\dmload.sys (disabled)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)

Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)

hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)

i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)

i81x: System32\DRIVERS\i81xnt5.sys (manual start)

iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)

iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)

iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)

iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)

iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)

iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)

iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)

iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)

iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)

iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)

ialm: System32\DRIVERS\ialmnt5.sys (manual start)

InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)

CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)

ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)

IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)

Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)

IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)

IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: System32\DRIVERS\ipsec.sys (system)

IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

CA Pest Patrol Realtime Protection Service: "C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe" (autostart)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

McAfee WSC Integration: c:\program files\mcafee.com\agent\mcdetect.exe (autostart)

McAfee McShield: C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (autostart)

McAfee Task Scheduler: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (autostart)

McAfee SecurityCenter Update Manager: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)

Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

mf: System32\DRIVERS\mf.sys (manual start)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

MPFIREWL: System32\Drivers\MpFirewall.sys (system)

McAfee Personal Firewall Service: "C:\Program Files\mcafee.com\personal firewall\MPFService.exe" (autostart)

mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)

WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)

NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)

Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: System32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\System32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: System32\DRIVERS\nv4_mini.sys (manual start)

IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)

OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)

Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PCIIde: System32\DRIVERS\pciide.sys (system)

perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)

perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)

WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Processor Driver: System32\DRIVERS\processr.sys (system)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)

ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)

Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)

ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)

ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)

ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)

Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

Sansa Updater Service: C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (autostart)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)

smwdm: system32\drivers\smwdm.sys (manual start)

Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Filter Driver: System32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3} (manual start)

symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)

symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)

sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)

sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: System32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)

USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)

USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)

VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)

VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)

ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)

WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)

WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)

WpdUsb: System32\Drivers\wpdusb.sys (manual start)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)

Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)

Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 39,889 bytes

Report generated in 0.516 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


First download AVG Anti-Spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


Over an hour to scan. There used to be two other accounts that were removed. I have noticed that one of them left behind remains of Kazaa.

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 5:03:12 PM 2/23/2007

+ Scan result:

C:\Program Files\Starware316\bin\Starware316.dll -> Adware.Comet : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@ad-flow[2].txt -> TrackingCookie.Ad-flow : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank [email protected][1].txt -> TrackingCookie.Adserver : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn [email protected][1].txt -> TrackingCookie.Adserver : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@bluemountain[1].txt -> TrackingCookie.Bluemountain : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@bluemountain[2].txt -> TrackingCookie.Bluemountain : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank_calkins@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn_calkins@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.

C:\Documents and Settings\Frank Calkins\Cookies\frank calkins@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned.

C:\Documents and Settings\JoLynn Calkins\Cookies\jolynn calkins@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned.

::Report end

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

I need to run. I won't be finishing this until Monday. I will check on this thread when I get home and print further instructions from you to bring back here. Here is the Panda Scan log and a new HJT log. I have also run jv16 and CCleaner. Later. Thanks.

Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\FocusInteractive

Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\FunWebProducts.ProgressiveCounterPlugin

Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Program Files\Kazaa\bdcore.dll

Logfile of HijackThis v1.99.1

Scan saved at 7:10:32 PM, on 2/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\personal firewall\MPFTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\WINDOWS\system32\cidaemon.exe

C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/whiskeyman123/Whiskeyman.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing)

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100805334\ee\SSCRun.exe

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm006YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/asinst.cab

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Ok let me know when you are back and I will post some new instructions for you to do.

I'll be back there about Noon EST Monday. There are still two active accounts on the computer (his and hers). Do I need to perform any additional scans on her account? Everything so far has been run through his account.


This HJT log is from the root while booted to his account.

Logfile of HijackThis v1.99.1

Scan saved at 12:50:15 PM, on 2/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\personal firewall\MPFTray.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\America Online 9.0b\waol.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\America Online 9.0b\shellmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\aol\aol toolbar 4.0\AolTbServer.exe

C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/whiskeyman123/Whiskeyman.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing)

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100805334\ee\SSCRun.exe

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm006YYUS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/asinst.cab

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

This is from her account.

Logfile of HijackThis v1.99.1

Scan saved at 12:40:38 PM, on 2/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\mcafee.com\personal firewall\MPFTray.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\America Online 9.0b\waol.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\ESPN\GameClient.exe

C:\Program Files\America Online 9.0b\shellmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\JoLynn Calkins\My Documents\hjthers\HijackThis.exe

C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us01.xmlsearch.findwhat.com/bin/fin...otJ2M7mSF7sKP9k

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing)

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100805334\ee\SSCRun.exe

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm006

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/asinst.cab

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Should I run kazaabegone v1.30? Should I remove any remnants of My Web Search using HJT then remove any folders? I need to leave before 5 PM EST.

----------------------------------------------------------------------------------------------

I ran kazaabegone, created a new Restore Point then deleted the older ones through Disk Cleanup, ran CCleaner, ran the online scans from Kaspersky and Panda. Panda Active Scan shows 2 detections for Hacker Tools and rootkits. All of the new logs are below. I had to leave. If you see anything further or have any other programs that should be run let me know because I will be returning here in the morning.

I see I still have a My Web Search entry in the log plus the registry. I also am unsure of the TalkingBuddy entry.

His HJT log

Logfile of HijackThis v1.99.1

Scan saved at 5:30:02 PM, on 2/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\personal firewall\MPFTray.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/whiskeyman123/Whiskeyman.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing)

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100805334\ee\SSCRun.exe

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Her log

Logfile of HijackThis v1.99.1

Scan saved at 5:33:13 PM, on 2/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\personal firewall\MPFTray.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe

C:\Documents and Settings\JoLynn Calkins\My Documents\hjthers\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us01.xmlsearch.findwhat.com/bin/fin...otJ2M7mSF7sKP9k

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing)

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100805334\ee\SSCRun.exe

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm006

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Kaspersky

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, February 26, 2007 4:44:28 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 26/02/2007

Kaspersky Anti-Virus database records: 258518

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

Scan Statistics:

Total number of scanned objects: 55269

Number of viruses found: 0

Number of infected objects: 0 / 0

Number of suspicious objects: 0

Duration of the scan process: 00:40:58

Infected Object Name / Virus Name / Last Action

Scan process completed.

Panda

Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\FocusInteractive

Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\FunWebProducts.ProgressiveCounterPlugin

Edited by TheTerrorist_75

I think these are bad and should be removed.

His

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

Hers

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us01.xmlsearch.findwhat.com/bin/fin...otJ2M7mSF7sKP9k

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm006

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

Should be removed from registry

hkey_local_machine\software\FocusInteractive

hkey_classes_root\FunWebProducts.ProgressiveCounterPlugin


His

O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing)

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

Hers

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us01.xmlsearch.findwhat.com/bin/fin...otJ2M7mSF7sKP9k

O2 - BHO: WebBar Class - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL (file missing)

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm006

O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} (Lernout & Hauspie TruVoice American English TTS Engine) - http://www.talkingbuddy.com/talkingbuddyinstall.exe

Then post new logs from both accounts.


Here are the latest logs. Panda Active Scan was down so I ran Housecall. It found three adware related entries and cleaned them. I also deleted those two registry entries that I posted previously.

Housecall detected and cleaned.

Adware_FunWebProducts

Adware_Promulgate

Adware_Ibis.Websearch

His log

Logfile of HijackThis v1.99.1

Scan saved at 12:24:05 PM, on 3/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\personal firewall\MPFTray.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Program Files\America Online 9.0b\waol.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\America Online 9.0b\shellmon.exe

C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/whiskeyman123/Whiskeyman.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100805334\ee\SSCRun.exe

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Her log

Logfile of HijackThis v1.99.1

Scan saved at 1:48:18 PM, on 3/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

C:\Program Files\mcafee.com\personal firewall\MPFTray.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\AOL\1100805334\ee\aolsoftware.exe

C:\Documents and Settings\JoLynn Calkins\My Documents\hjthers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100805334\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100805334\ee\SSCRun.exe

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Event Reminder.lnk = ?

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.39/flin...r-ob-assets.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100805334\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

We wish to thank you for your help. If you want me to perform any more scans let me know and I can set it up to come back out here.

Edited by TheTerrorist_75

Your logs are clean.

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:

  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Other necessary Programs:

  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Three good free versions are Kerio, Sygate and ZoneLabs.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

This topic is now closed to further replies.