
100% CPU Usage And More


12 replies to this topic

#1 AmyKitty


Posted 14 November 2005 - 12:38 AM

Hi, I'm new here. I went and did everything the preparation guide said, so I'm sorry if I still did something wrong. Anyway, I got a Dell Dimension 2400 a little over a year ago and it's really been messing up for the past few months. It started lagging and I found that a component of my McAfee anti-virus, Mpftray.exe, started using up 100% CPU. I can exit out of it in the Windows Task Manager but sometimes it comes back. I actually had it deleted for a little while even. Also I noticed that I had two AOLservicehost.exe and that one uses up 20,000 and makes my CPU go up sometimes. And that waol.exe slowly goes up to use 100,000 K of memory sometimes, even when I'm not doing a lot online. Right now it's at 46,760 K. And I haven't been able to connect to my Guild Wars game for a week. It just sits there saying it can't connect. Today after I scanned with the stuff in the preparation guide I reinstalled McAfee anti-virus and firewall. It seemed OK until later tonight. I think it may be because I downloaded some Windows automatic updates. Also sometimes IExplorer.exe shows up in the Task Manager and uses up a lot of CPU, even when I'm not using Internet Explorer. I hope you can make sense of this and help me. It's becoming very frustrating. Also here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:08:18 PM, on 11/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\AOL\1101000692\ee\AOLHostManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1101000692\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\common files\aol\1101000692\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1101000692\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Amy\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101000692\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098556410218
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


I hope someone can help. :thumbsup:
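As an added example (not code from this thread or from the HijackThis project), here is a small Python triage script for logs in the HijackThis v1.99.1 format posted above: it splits the log into section entries, groups the O4 Run-key autoruns by hive, and flags the entry types a log reader checks first: O2/O3/O9 items whose file is missing, O16 ActiveX downloads (reported with their source host), and O23 services with no publisher name. The sample lines are copied from the log above; a flag means "verify this", not "this is malicious".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed sample: eight lines copied from the HijackThis log above,
# one per line type the triage below cares about.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# Every HijackThis item starts with its section code ("R0", "O4", "O23", ...)
# followed by " - "; the header and the "Running processes" list do not match.
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# O4 bodies for the Run keys: hive, key name, value name, command line
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    reason: str
    body: str


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into (section, body) entries."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def autoruns(entries: List[Entry]) -> Dict[str, List[Tuple[str, str]]]:
    """Group O4 Run-key entries by hive as (value name, command) pairs."""
    by_hive: Dict[str, List[Tuple[str, str]]] = {}
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body)
        if m:
            by_hive.setdefault(m.group(1), []).append((m.group(3), m.group(4)))
    return by_hive


def host_of(url: str) -> str:
    """Host part of a URL, or '' if the string is not a URL."""
    return urlparse(url).hostname or ""


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag the entry types a log reader verifies first (flag = verify, not = malicious)."""
    findings: List[Finding] = []
    for e in entries:
        low = e.body.lower()
        if e.section in ("O2", "O3", "O9") and ("(no file)" in low or "(file missing)" in low):
            findings.append(Finding(e.section, "orphaned entry: the registry points at a file that is not on disk", e.body))
        elif e.section == "O16":
            # DPF lines end with the URL the ActiveX control (.cab/.dll) was fetched from
            url = e.body.rsplit(" - ", 1)[-1]
            findings.append(Finding(e.section, f"ActiveX control downloaded from {host_of(url)}: confirm it was installed on purpose", e.body))
        elif e.section == "O23" and "unknown owner" in low:
            findings.append(Finding(e.section, "service with no publisher information: verify the binary's vendor and signature", e.body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for hive, items in autoruns(parsed).items():
        print(f"{hive} Run: {len(items)} entries")
    for f in triage(parsed):
        print(f"[{f.section}] {f.reason}\n    {f.body}")
```

To run it over the full log above, replace SAMPLE_LOG with the text of the post (or read it from a file); the process list and header lines are skipped automatically.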


#2 AmyKitty

Posted 16 November 2005 - 11:58 PM

It seems to have gotten worse now. I keep getting pop-ups in Internet Explorer every 15 minutes when I'm not even on a website. :thumbsup:

#3 Guest_Cretemonster_*

Posted 19 November 2005 - 03:02 PM

Hi AmyKitty, and welcome to Bleeping Computer!

Let's have a deeper look inside there.

Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder, double-click WinPFind.exe and click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete", a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Please download Rootkit Revealer (link is at the very bottom of the page)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Save it as RKR.log
  • Open RKR.log on your desktop and copy the entire contents and paste them here
Post the results of those 2 scans in the next reply please.

#4 AmyKitty

Posted 19 November 2005 - 10:11 PM

OK, here are my results.

WinPFind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/29/2002 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 11/10/2005 11:00:08 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/10/2005 11:00:08 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/19/2005 2:31:44 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
11/13/2005 10:48:48 PM HS 4704 C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/4/2005 7:17:40 PM S 21737 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
9/28/2005 10:53:30 AM S 17402 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
11/19/2005 2:31:34 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
11/19/2005 2:32:26 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
11/19/2005 2:31:48 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
11/19/2005 2:32:28 PM H 77824 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
11/19/2005 5:09:06 PM H 69632 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
11/13/2005 10:45:22 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
9/30/2005 6:50:18 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\e1befa0b-e413-47a7-9eef-cecaf60e2b54
9/30/2005 6:50:18 AM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
11/19/2005 12:04:08 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 6:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Borland Software Corporation 10/7/2003 12:39:00 PM 184320 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
9/18/2003 2:18:00 AM R 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 8/20/2004 2:53:06 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 2:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 1/6/2004 4:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 1/23/2005 9:33:44 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 8:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
10/9/2004 5:32:58 PM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 7:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 8:00:00 AM HS 84 C:\Documents and Settings\Amy\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 7:50:46 AM HS 62 C:\Documents and Settings\Amy\Application Data\DESKTOP.INI
12/16/2004 12:10:50 PM 12358 C:\Documents and Settings\Amy\Application Data\PFP120JCM.{PB
12/16/2004 12:10:50 PM 61678 C:\Documents and Settings\Amy\Application Data\PFP120JPR.{PB

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\Program Files\AOL Toolbar\toolbar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}
ButtonText = MUSICMATCH MX Web Player :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\Program Files\AOL Toolbar\toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
DVDLauncher "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
IntelMeM C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
dla C:\WINDOWS\system32\dla\tfswctrl.exe
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
DwlClient C:\Program Files\Common Files\Dell\EUSW\Support.exe
Dell Photo AIO Printer 922 "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
HostManager C:\Program Files\Common Files\AOL\1101000692\ee\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Pure Networks Port Magic "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
MimBoot C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
AOLCC "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
AOL Fast Start "C:\Program Files\America Online 9.0a\AOL.EXE" -b

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/19/2005 5:16:54 PM


And RKR

HKLM\SOFTWARE\Classes\webcal\URL Protocol 11/20/2004 7:34 PM 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\~LastLogIdx 11/19/2005 7:50 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#036 11/19/2005 7:50 PM 160 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#037 11/19/2005 7:50 PM 208 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#038 11/19/2005 7:50 PM 250 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#039 11/19/2005 7:50 PM 392 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#040 11/19/2005 7:50 PM 292 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#041 11/19/2005 7:50 PM 330 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#042 11/19/2005 7:50 PM 104 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#043 11/19/2005 7:50 PM 830 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#044 11/19/2005 7:50 PM 1010 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#045 11/19/2005 7:50 PM 170 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Personal Firewall\HwTime 11/19/2005 7:50 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 11/19/2005 7:51 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\SchedulingAgent\LastTaskRun 11/19/2005 12:12 PM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MCUpdateExe 11/19/2005 7:48 PM 84 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\7b460646ce910ea001338fc8207d9c850ac6c011\metrics\data\D6BEE2-8815-41D7-A9AF-7737D693DEA.1132452247.tlv 11/19/2005 8:04 PM 2.25 KB Hidden from Windows API.
C:\Documents and Settings\Amy\Local Settings\Temp\~DFC74F.tmp 11/19/2005 8:29 PM 368.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP412\A0142963.ph 11/19/2005 1:45 PM 10 bytes Hidden from Windows API.
C:\WINDOWS\Prefetch\ASP.EXE-013F3720.pf 11/19/2005 8:27 PM 33.51 KB Hidden from Windows API.

Thanks so much for helping :thumbsup:

#5 Guest_Cretemonster_*

  • Guests

Posted 20 November 2005 - 06:21 AM

It appears there are some leftovers from a previous infection.

Let's see if we can clean up some of the garbage with SpySweeper

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
After SpySweeper has finished and you have saved the session log, run this online scan and save the results please.

Panda Active Scan


Post back with a fresh HijackThis log and the reports from SpySweeper and Panda

#6 AmyKitty
  • Topic Starter

  • Members
  • 7 posts

Posted 20 November 2005 - 07:16 PM

Everything seems to be ok except for Mpftray.exe, which keeps using up 100% CPU and making my whole comp slow. After I did some scans in safe mode last night it stopped, but when I turned my comp on this morning it had started up again.

Spy Sweeper
********
1:45 PM: | Start of Session, Sunday, November 20, 2005 |
1:45 PM: Spy Sweeper started
1:45 PM: Sweep initiated using definitions version 574
1:46 PM: Starting Memory Sweep
1:57 PM: Memory Sweep Complete, Elapsed Time: 00:11:30
1:57 PM: Starting Registry Sweep
2:01 PM: Registry Sweep Complete, Elapsed Time:00:04:13
2:02 PM: Starting Cookie Sweep
2:02 PM: Found Spy Cookie: 2o7.net cookie
2:02 PM: amy@112.2o7[1].txt (ID = 1958)
2:02 PM: amy@2o7[1].txt (ID = 1957)
2:02 PM: Found Spy Cookie: 64.62.232 cookie
2:02 PM: amy@64.62.232[2].txt (ID = 1987)
2:02 PM: amy@64.62.232[3].txt (ID = 1987)
2:02 PM: amy@64.62.232[4].txt (ID = 1987)
2:02 PM: amy@64.62.232[5].txt (ID = 1987)
2:02 PM: amy@64.62.232[6].txt (ID = 1987)
2:02 PM: Found Spy Cookie: 888 cookie
2:02 PM: amy@888[1].txt (ID = 2019)
2:02 PM: amy@888[2].txt (ID = 2019)
2:02 PM: Found Spy Cookie: reunion cookie
2:02 PM: amy@ad.reunion[1].txt (ID = 3256)
2:02 PM: Found Spy Cookie: yieldmanager cookie
2:02 PM: amy@ad.yieldmanager[1].txt (ID = 3751)
2:02 PM: Found Spy Cookie: adecn cookie
2:02 PM: amy@adecn[2].txt (ID = 2063)
2:02 PM: Found Spy Cookie: adknowledge cookie
2:02 PM: amy@adknowledge[2].txt (ID = 2072)
2:02 PM: Found Spy Cookie: hbmediapro cookie
2:02 PM: amy@adopt.hbmediapro[2].txt (ID = 2768)
2:02 PM: Found Spy Cookie: specificclick.com cookie
2:02 PM: amy@adopt.specificclick[2].txt (ID = 3400)
2:02 PM: Found Spy Cookie: addynamix cookie
2:02 PM: amy@ads.addynamix[1].txt (ID = 2062)
2:02 PM: Found Spy Cookie: belointeractive cookie
2:02 PM: amy@ads.belointeractive[1].txt (ID = 2295)
2:02 PM: Found Spy Cookie: pointroll cookie
2:02 PM: amy@ads.pointroll[2].txt (ID = 3148)
2:02 PM: Found Spy Cookie: advertising cookie
2:02 PM: amy@advertising[2].txt (ID = 2175)
2:02 PM: Found Spy Cookie: about cookie
2:02 PM: amy@anime.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: falkag cookie
2:02 PM: amy@as-us.falkag[1].txt (ID = 2650)
2:02 PM: Found Spy Cookie: askmen cookie
2:02 PM: amy@askmen[1].txt (ID = 2247)
2:02 PM: Found Spy Cookie: ask cookie
2:02 PM: amy@ask[1].txt (ID = 2245)
2:02 PM: Found Spy Cookie: atlas dmt cookie
2:02 PM: amy@atdmt[2].txt (ID = 2253)
2:02 PM: Found Spy Cookie: belnk cookie
2:02 PM: amy@ath.belnk[2].txt (ID = 2293)
2:02 PM: Found Spy Cookie: atwola cookie
2:02 PM: amy@atwola[1].txt (ID = 2255)
2:02 PM: Found Spy Cookie: banners cookie
2:02 PM: amy@banners[2].txt (ID = 2282)
2:02 PM: amy@beauty.about[1].txt (ID = 2038)
2:02 PM: amy@belointeractive[1].txt (ID = 2294)
2:02 PM: Found Spy Cookie: bizrate cookie
2:02 PM: amy@bizrate[1].txt (ID = 2308)
2:02 PM: amy@cartoonnetwork.122.2o7[1].txt (ID = 1958)
2:02 PM: Found Spy Cookie: casalemedia cookie
2:02 PM: amy@casalemedia[1].txt (ID = 2354)
2:02 PM: Found Spy Cookie: cassava cookie
2:02 PM: amy@cassava[1].txt (ID = 2362)
2:02 PM: amy@chineseculture.about[1].txt (ID = 2038)
2:02 PM: amy@chinesefood.about[2].txt (ID = 2038)
2:02 PM: amy@cnn.122.2o7[2].txt (ID = 1958)
2:02 PM: amy@compsimgames.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: did-it cookie
2:02 PM: amy@did-it[2].txt (ID = 2523)
2:02 PM: amy@dist.belnk[1].txt (ID = 2293)
2:02 PM: amy@email.about[2].txt (ID = 2038)
2:02 PM: amy@entrepreneur.122.2o7[1].txt (ID = 1958)
2:02 PM: Found Spy Cookie: experclick cookie
2:02 PM: amy@experclick[2].txt (ID = 2639)
2:02 PM: Found Spy Cookie: fastclick cookie
2:02 PM: amy@fastclick[1].txt (ID = 2651)
2:02 PM: amy@fengshui.about[2].txt (ID = 2038)
2:02 PM: Found Spy Cookie: gamespy cookie
2:02 PM: amy@gamespy[1].txt (ID = 2719)
2:02 PM: Found Spy Cookie: clickandtrack cookie
2:02 PM: amy@hits.clickandtrack[2].txt (ID = 2397)
2:02 PM: amy@home.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: homestore cookie
2:02 PM: amy@homestore[1].txt (ID = 2793)
2:02 PM: Found Spy Cookie: howstuffworks cookie
2:02 PM: amy@howstuffworks[1].txt (ID = 2805)
2:02 PM: Found Spy Cookie: hypertracker.com cookie
2:02 PM: amy@hypertracker[1].txt (ID = 2817)
2:02 PM: Found Spy Cookie: screensavers.com cookie
2:02 PM: amy@i.screensavers[2].txt (ID = 3298)
2:02 PM: Found Spy Cookie: ic-live cookie
2:02 PM: amy@ic-live[1].txt (ID = 2821)
2:02 PM: amy@interiordec.about[2].txt (ID = 2038)
2:02 PM: amy@media.cube.gamespy[1].txt (ID = 2719)
2:02 PM: Found Spy Cookie: mensniche cookie
2:02 PM: amy@mensniche[2].txt (ID = 2986)
2:02 PM: Found Spy Cookie: metareward.com cookie
2:02 PM: amy@metareward[1].txt (ID = 2990)
2:02 PM: amy@microsofteup.112.2o7[1].txt (ID = 1958)
2:02 PM: Found Spy Cookie: monstermarketplace cookie
2:02 PM: amy@monstermarketplace[1].txt (ID = 3006)
2:02 PM: Found Spy Cookie: nextag cookie
2:02 PM: amy@nextag[1].txt (ID = 5014)
2:02 PM: amy@painting.about[1].txt (ID = 2038)
2:02 PM: amy@personalweb.about[2].txt (ID = 2038)
2:02 PM: Found Spy Cookie: pricegrabber cookie
2:02 PM: amy@pricegrabber[1].txt (ID = 3185)
2:02 PM: Found Spy Cookie: questionmarket cookie
2:02 PM: amy@questionmarket[2].txt (ID = 3217)
2:02 PM: Found Spy Cookie: realmedia cookie
2:02 PM: amy@realmedia[2].txt (ID = 3235)
2:02 PM: amy@reunion[1].txt (ID = 3255)
2:02 PM: Found Spy Cookie: rn11 cookie
2:02 PM: amy@rn11[1].txt (ID = 3261)
2:02 PM: Found Spy Cookie: adjuggler cookie
2:02 PM: amy@rotator.adjuggler[2].txt (ID = 2071)
2:02 PM: amy@search.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: web-stat cookie
2:02 PM: amy@server3.web-stat[1].txt (ID = 3649)
2:02 PM: Found Spy Cookie: servlet cookie
2:02 PM: amy@servlet[1].txt (ID = 3345)
2:02 PM: amy@servlet[2].txt (ID = 3345)
2:02 PM: amy@servlet[3].txt (ID = 3345)
2:02 PM: Found Spy Cookie: directtrack cookie
2:02 PM: amy@sideshow.directtrack[2].txt (ID = 2528)
2:02 PM: amy@skateboard.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: starware.com cookie
2:02 PM: amy@starware[2].txt (ID = 3441)
2:02 PM: Found Spy Cookie: dealtime cookie
2:02 PM: amy@stat.dealtime[1].txt (ID = 2506)
2:02 PM: amy@teenadvice.about[2].txt (ID = 2038)
2:02 PM: Found Spy Cookie: toplist cookie
2:02 PM: amy@toplist[1].txt (ID = 3557)
2:02 PM: amy@webclipart.about[2].txt (ID = 2038)
2:02 PM: amy@weblogs.about[2].txt (ID = 2038)
2:02 PM: Found Spy Cookie: burstnet cookie
2:02 PM: amy@www.burstnet[1].txt (ID = 2337)
2:02 PM: Found Spy Cookie: myaffiliateprogram.com cookie
2:02 PM: amy@www.myaffiliateprogram[1].txt (ID = 3032)
2:02 PM: amy@www.screensavers[1].txt (ID = 3298)
2:02 PM: Found Spy Cookie: xiti cookie
2:02 PM: amy@xiti[1].txt (ID = 3717)
2:02 PM: Found Spy Cookie: yadro cookie
2:02 PM: amy@yadro[1].txt (ID = 3743)
2:02 PM: amy@yieldmanager[1].txt (ID = 3749)
2:02 PM: Found Spy Cookie: zedo cookie
2:02 PM: amy@zedo[1].txt (ID = 3762)
2:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
2:02 PM: Starting File Sweep
2:30 PM: Warning: Invalid Stream
2:30 PM: File Sweep Complete, Elapsed Time: 00:28:09
2:30 PM: Full Sweep has completed. Elapsed time 00:44:19
2:30 PM: Traces Found: 87
2:32 PM: Removal process initiated
2:32 PM: Quarantining All Traces: 2o7.net cookie
2:32 PM: Quarantining All Traces: 64.62.232 cookie
2:32 PM: Quarantining All Traces: 888 cookie
2:32 PM: Quarantining All Traces: about cookie
2:32 PM: Quarantining All Traces: addynamix cookie
2:32 PM: Quarantining All Traces: adecn cookie
2:32 PM: Quarantining All Traces: adjuggler cookie
2:32 PM: Quarantining All Traces: adknowledge cookie
2:32 PM: Quarantining All Traces: advertising cookie
2:32 PM: Quarantining All Traces: ask cookie
2:32 PM: Quarantining All Traces: askmen cookie
2:32 PM: Quarantining All Traces: atlas dmt cookie
2:32 PM: Quarantining All Traces: atwola cookie
2:32 PM: Quarantining All Traces: banners cookie
2:32 PM: Quarantining All Traces: belnk cookie
2:32 PM: Quarantining All Traces: belointeractive cookie
2:32 PM: Quarantining All Traces: bizrate cookie
2:32 PM: Quarantining All Traces: burstnet cookie
2:32 PM: Quarantining All Traces: casalemedia cookie
2:32 PM: Quarantining All Traces: cassava cookie
2:32 PM: Quarantining All Traces: clickandtrack cookie
2:32 PM: Quarantining All Traces: dealtime cookie
2:32 PM: Quarantining All Traces: did-it cookie
2:32 PM: Quarantining All Traces: directtrack cookie
2:32 PM: Quarantining All Traces: experclick cookie
2:32 PM: Quarantining All Traces: falkag cookie
2:32 PM: Quarantining All Traces: fastclick cookie
2:32 PM: Quarantining All Traces: gamespy cookie
2:32 PM: Quarantining All Traces: hbmediapro cookie
2:32 PM: Quarantining All Traces: homestore cookie
2:32 PM: Quarantining All Traces: howstuffworks cookie
2:32 PM: Quarantining All Traces: hypertracker.com cookie
2:32 PM: Quarantining All Traces: ic-live cookie
2:32 PM: Quarantining All Traces: mensniche cookie
2:32 PM: Quarantining All Traces: metareward.com cookie
2:32 PM: Quarantining All Traces: monstermarketplace cookie
2:32 PM: Quarantining All Traces: myaffiliateprogram.com cookie
2:32 PM: Quarantining All Traces: nextag cookie
2:32 PM: Quarantining All Traces: pointroll cookie
2:32 PM: Quarantining All Traces: pricegrabber cookie
2:32 PM: Quarantining All Traces: questionmarket cookie
2:32 PM: Quarantining All Traces: realmedia cookie
2:32 PM: Quarantining All Traces: reunion cookie
2:32 PM: Quarantining All Traces: rn11 cookie
2:32 PM: Quarantining All Traces: screensavers.com cookie
2:32 PM: Quarantining All Traces: servlet cookie
2:32 PM: Quarantining All Traces: specificclick.com cookie
2:32 PM: Quarantining All Traces: starware.com cookie
2:32 PM: Quarantining All Traces: toplist cookie
2:32 PM: Quarantining All Traces: web-stat cookie
2:32 PM: Quarantining All Traces: xiti cookie
2:32 PM: Quarantining All Traces: yadro cookie
2:32 PM: Quarantining All Traces: yieldmanager cookie
2:32 PM: Quarantining All Traces: zedo cookie
2:32 PM: Removal process completed. Elapsed time 00:00:07
********
1:45 PM: | Start of Session, Sunday, November 20, 2005 |
1:45 PM: Spy Sweeper started
1:45 PM: Sweep initiated using definitions version 574
1:45 PM: Starting Memory Sweep
1:45 PM: Sweep Canceled
1:45 PM: Memory Sweep Complete, Elapsed Time: 00:00:10
1:45 PM: Traces Found: 0
1:45 PM: | End of Session, Sunday, November 20, 2005 |
********
1:09 PM: | Start of Session, Sunday, November 20, 2005 |
1:09 PM: Spy Sweeper started
1:11 PM: Your spyware definitions have been updated.
1:45 PM: | End of Session, Sunday, November 20, 2005 |


Panda Active Scan

Incident Status Location
Adware:adware/otx No disinfected Windows Registry

Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 5:58:32 PM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1101000692\ee\AOLHostManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1101000692\ee\AOLServiceHost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\common files\aol\1101000692\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1101000692\ee\AOLServiceHost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101000692\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~1\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098556410218
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: FDFCXKNQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Amy\LOCALS~1\Temp\FDFCXKNQ.exe
O23 - Service: HZSQCKLM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Amy\LOCALS~1\Temp\HZSQCKLM.exe
O23 - Service: LAA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Amy\LOCALS~1\Temp\LAA.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#7 Guest_Cretemonster_*

  • Guests

Posted 20 November 2005 - 07:29 PM

This is weird. None of the logs show much more than cookies, which isn't all that unusual.

The tray icon for McAfee Internet Security is chewing up 100% of the PC resources?

Hmm, check all your settings and firewall for McAfee and be sure they are all active and updated, please.

I'm gonna study these logs a bit more.

Scan with SpySweeper once more after checking out McAfee and let's see those results.

#8 AmyKitty
  • Topic Starter

  • Members
  • 7 posts

Posted 23 November 2005 - 03:49 AM

McAfee is up to date, set to standard security, and the only thing it's blocking is something called TODO <File description> appupdater.exe.

New Spy Sweeper log.
********
1:48 AM: | Start of Session, Wednesday, November 23, 2005 |
1:48 AM: Spy Sweeper started
1:48 AM: Sweep initiated using definitions version 574
1:48 AM: Starting Memory Sweep
1:53 AM: Memory Sweep Complete, Elapsed Time: 00:04:50
1:53 AM: Starting Registry Sweep
1:53 AM: Registry Sweep Complete, Elapsed Time:00:00:14
1:53 AM: Starting Cookie Sweep
1:53 AM: Found Spy Cookie: 2o7.net cookie
1:53 AM: amy@2o7[1].txt (ID = 1957)
1:53 AM: Found Spy Cookie: questionmarket cookie
1:53 AM: amy@questionmarket[1].txt (ID = 3217)
1:53 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:53 AM: Starting File Sweep
2:28 AM: File Sweep Complete, Elapsed Time: 00:34:34
2:28 AM: Full Sweep has completed. Elapsed time 00:39:47
2:28 AM: Traces Found: 2
2:38 AM: Removal process initiated
2:38 AM: Quarantining All Traces: 2o7.net cookie
2:38 AM: Quarantining All Traces: questionmarket cookie
2:38 AM: Removal process completed. Elapsed time 00:00:07
2:39 AM: Your spyware definitions have been updated.
********
10:02 PM: | Start of Session, Tuesday, November 22, 2005 |
10:02 PM: Spy Sweeper started
10:02 PM: Sweep initiated using definitions version 574
10:02 PM: Starting Memory Sweep
10:04 PM: Memory Sweep Complete, Elapsed Time: 00:01:22
10:04 PM: Starting Registry Sweep
10:04 PM: Registry Sweep Complete, Elapsed Time:00:00:11
10:04 PM: Starting Cookie Sweep
10:04 PM: Found Spy Cookie: websponsors cookie
10:04 PM: amy@a.websponsors[2].txt (ID = 3665)
10:04 PM: Found Spy Cookie: yieldmanager cookie
10:04 PM: amy@ad.yieldmanager[1].txt (ID = 3751)
10:04 PM: Found Spy Cookie: atwola cookie
10:04 PM: amy@atwola[1].txt (ID = 2255)
10:04 PM: Found Spy Cookie: nextag cookie
10:04 PM: amy@nextag[2].txt (ID = 5014)
10:04 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:04 PM: Starting File Sweep
10:43 PM: File Sweep Complete, Elapsed Time: 00:38:37
10:43 PM: Full Sweep has completed. Elapsed time 00:40:20
10:43 PM: Traces Found: 4
10:44 PM: Removal process initiated
10:44 PM: Quarantining All Traces: websponsors cookie
10:44 PM: Quarantining All Traces: yieldmanager cookie
10:44 PM: Quarantining All Traces: atwola cookie
10:44 PM: Quarantining All Traces: nextag cookie
10:44 PM: Removal process completed. Elapsed time 00:00:02
********
4:40 PM: | Start of Session, Sunday, November 20, 2005 |
4:40 PM: Spy Sweeper started
4:40 PM: Sweep initiated using definitions version 574
4:40 PM: Starting Memory Sweep
4:41 PM: Memory Sweep Complete, Elapsed Time: 00:00:43
4:41 PM: Starting Registry Sweep
4:41 PM: Registry Sweep Complete, Elapsed Time:00:00:11
4:41 PM: Starting Cookie Sweep
4:41 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:41 PM: Starting File Sweep
4:58 PM: File Sweep Complete, Elapsed Time: 00:16:19
4:58 PM: Full Sweep has completed. Elapsed time 00:17:19
4:58 PM: Traces Found: 0
10:02 PM: Program Version 4.5.7 (Build 656) Using Spyware Definitions 574
10:02 PM: | End of Session, Tuesday, November 22, 2005 |
********
1:45 PM: | Start of Session, Sunday, November 20, 2005 |
1:45 PM: Spy Sweeper started
1:45 PM: Sweep initiated using definitions version 574
1:46 PM: Starting Memory Sweep
1:57 PM: Memory Sweep Complete, Elapsed Time: 00:11:30
1:57 PM: Starting Registry Sweep
2:01 PM: Registry Sweep Complete, Elapsed Time:00:04:13
2:02 PM: Starting Cookie Sweep
2:02 PM: Found Spy Cookie: 2o7.net cookie
2:02 PM: amy@112.2o7[1].txt (ID = 1958)
2:02 PM: amy@2o7[1].txt (ID = 1957)
2:02 PM: Found Spy Cookie: 64.62.232 cookie
2:02 PM: amy@64.62.232[2].txt (ID = 1987)
2:02 PM: amy@64.62.232[3].txt (ID = 1987)
2:02 PM: amy@64.62.232[4].txt (ID = 1987)
2:02 PM: amy@64.62.232[5].txt (ID = 1987)
2:02 PM: amy@64.62.232[6].txt (ID = 1987)
2:02 PM: Found Spy Cookie: 888 cookie
2:02 PM: amy@888[1].txt (ID = 2019)
2:02 PM: amy@888[2].txt (ID = 2019)
2:02 PM: Found Spy Cookie: reunion cookie
2:02 PM: amy@ad.reunion[1].txt (ID = 3256)
2:02 PM: Found Spy Cookie: yieldmanager cookie
2:02 PM: amy@ad.yieldmanager[1].txt (ID = 3751)
2:02 PM: Found Spy Cookie: adecn cookie
2:02 PM: amy@adecn[2].txt (ID = 2063)
2:02 PM: Found Spy Cookie: adknowledge cookie
2:02 PM: amy@adknowledge[2].txt (ID = 2072)
2:02 PM: Found Spy Cookie: hbmediapro cookie
2:02 PM: amy@adopt.hbmediapro[2].txt (ID = 2768)
2:02 PM: Found Spy Cookie: specificclick.com cookie
2:02 PM: amy@adopt.specificclick[2].txt (ID = 3400)
2:02 PM: Found Spy Cookie: addynamix cookie
2:02 PM: amy@ads.addynamix[1].txt (ID = 2062)
2:02 PM: Found Spy Cookie: belointeractive cookie
2:02 PM: amy@ads.belointeractive[1].txt (ID = 2295)
2:02 PM: Found Spy Cookie: pointroll cookie
2:02 PM: amy@ads.pointroll[2].txt (ID = 3148)
2:02 PM: Found Spy Cookie: advertising cookie
2:02 PM: amy@advertising[2].txt (ID = 2175)
2:02 PM: Found Spy Cookie: about cookie
2:02 PM: amy@anime.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: falkag cookie
2:02 PM: amy@as-us.falkag[1].txt (ID = 2650)
2:02 PM: Found Spy Cookie: askmen cookie
2:02 PM: amy@askmen[1].txt (ID = 2247)
2:02 PM: Found Spy Cookie: ask cookie
2:02 PM: amy@ask[1].txt (ID = 2245)
2:02 PM: Found Spy Cookie: atlas dmt cookie
2:02 PM: amy@atdmt[2].txt (ID = 2253)
2:02 PM: Found Spy Cookie: belnk cookie
2:02 PM: amy@ath.belnk[2].txt (ID = 2293)
2:02 PM: Found Spy Cookie: atwola cookie
2:02 PM: amy@atwola[1].txt (ID = 2255)
2:02 PM: Found Spy Cookie: banners cookie
2:02 PM: amy@banners[2].txt (ID = 2282)
2:02 PM: amy@beauty.about[1].txt (ID = 2038)
2:02 PM: amy@belointeractive[1].txt (ID = 2294)
2:02 PM: Found Spy Cookie: bizrate cookie
2:02 PM: amy@bizrate[1].txt (ID = 2308)
2:02 PM: amy@cartoonnetwork.122.2o7[1].txt (ID = 1958)
2:02 PM: Found Spy Cookie: casalemedia cookie
2:02 PM: amy@casalemedia[1].txt (ID = 2354)
2:02 PM: Found Spy Cookie: cassava cookie
2:02 PM: amy@cassava[1].txt (ID = 2362)
2:02 PM: amy@chineseculture.about[1].txt (ID = 2038)
2:02 PM: amy@chinesefood.about[2].txt (ID = 2038)
2:02 PM: amy@cnn.122.2o7[2].txt (ID = 1958)
2:02 PM: amy@compsimgames.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: did-it cookie
2:02 PM: amy@did-it[2].txt (ID = 2523)
2:02 PM: amy@dist.belnk[1].txt (ID = 2293)
2:02 PM: amy@email.about[2].txt (ID = 2038)
2:02 PM: amy@entrepreneur.122.2o7[1].txt (ID = 1958)
2:02 PM: Found Spy Cookie: experclick cookie
2:02 PM: amy@experclick[2].txt (ID = 2639)
2:02 PM: Found Spy Cookie: fastclick cookie
2:02 PM: amy@fastclick[1].txt (ID = 2651)
2:02 PM: amy@fengshui.about[2].txt (ID = 2038)
2:02 PM: Found Spy Cookie: gamespy cookie
2:02 PM: amy@gamespy[1].txt (ID = 2719)
2:02 PM: Found Spy Cookie: clickandtrack cookie
2:02 PM: amy@hits.clickandtrack[2].txt (ID = 2397)
2:02 PM: amy@home.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: homestore cookie
2:02 PM: amy@homestore[1].txt (ID = 2793)
2:02 PM: Found Spy Cookie: howstuffworks cookie
2:02 PM: amy@howstuffworks[1].txt (ID = 2805)
2:02 PM: Found Spy Cookie: hypertracker.com cookie
2:02 PM: amy@hypertracker[1].txt (ID = 2817)
2:02 PM: Found Spy Cookie: screensavers.com cookie
2:02 PM: amy@i.screensavers[2].txt (ID = 3298)
2:02 PM: Found Spy Cookie: ic-live cookie
2:02 PM: amy@ic-live[1].txt (ID = 2821)
2:02 PM: amy@interiordec.about[2].txt (ID = 2038)
2:02 PM: amy@media.cube.gamespy[1].txt (ID = 2719)
2:02 PM: Found Spy Cookie: mensniche cookie
2:02 PM: amy@mensniche[2].txt (ID = 2986)
2:02 PM: Found Spy Cookie: metareward.com cookie
2:02 PM: amy@metareward[1].txt (ID = 2990)
2:02 PM: amy@microsofteup.112.2o7[1].txt (ID = 1958)
2:02 PM: Found Spy Cookie: monstermarketplace cookie
2:02 PM: amy@monstermarketplace[1].txt (ID = 3006)
2:02 PM: Found Spy Cookie: nextag cookie
2:02 PM: amy@nextag[1].txt (ID = 5014)
2:02 PM: amy@painting.about[1].txt (ID = 2038)
2:02 PM: amy@personalweb.about[2].txt (ID = 2038)
2:02 PM: Found Spy Cookie: pricegrabber cookie
2:02 PM: amy@pricegrabber[1].txt (ID = 3185)
2:02 PM: Found Spy Cookie: questionmarket cookie
2:02 PM: amy@questionmarket[2].txt (ID = 3217)
2:02 PM: Found Spy Cookie: realmedia cookie
2:02 PM: amy@realmedia[2].txt (ID = 3235)
2:02 PM: amy@reunion[1].txt (ID = 3255)
2:02 PM: Found Spy Cookie: rn11 cookie
2:02 PM: amy@rn11[1].txt (ID = 3261)
2:02 PM: Found Spy Cookie: adjuggler cookie
2:02 PM: amy@rotator.adjuggler[2].txt (ID = 2071)
2:02 PM: amy@search.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: web-stat cookie
2:02 PM: amy@server3.web-stat[1].txt (ID = 3649)
2:02 PM: Found Spy Cookie: servlet cookie
2:02 PM: amy@servlet[1].txt (ID = 3345)
2:02 PM: amy@servlet[2].txt (ID = 3345)
2:02 PM: amy@servlet[3].txt (ID = 3345)
2:02 PM: Found Spy Cookie: directtrack cookie
2:02 PM: amy@sideshow.directtrack[2].txt (ID = 2528)
2:02 PM: amy@skateboard.about[1].txt (ID = 2038)
2:02 PM: Found Spy Cookie: starware.com cookie
2:02 PM: amy@starware[2].txt (ID = 3441)
2:02 PM: Found Spy Cookie: dealtime cookie
2:02 PM: amy@stat.dealtime[1].txt (ID = 2506)
2:02 PM: amy@teenadvice.about[2].txt (ID = 2038)
2:02 PM: Found Spy Cookie: toplist cookie
2:02 PM: amy@toplist[1].txt (ID = 3557)
2:02 PM: amy@webclipart.about[2].txt (ID = 2038)
2:02 PM: amy@weblogs.about[2].txt (ID = 2038)
2:02 PM: Found Spy Cookie: burstnet cookie
2:02 PM: amy@www.burstnet[1].txt (ID = 2337)
2:02 PM: Found Spy Cookie: myaffiliateprogram.com cookie
2:02 PM: amy@www.myaffiliateprogram[1].txt (ID = 3032)
2:02 PM: amy@www.screensavers[1].txt (ID = 3298)
2:02 PM: Found Spy Cookie: xiti cookie
2:02 PM: amy@xiti[1].txt (ID = 3717)
2:02 PM: Found Spy Cookie: yadro cookie
2:02 PM: amy@yadro[1].txt (ID = 3743)
2:02 PM: amy@yieldmanager[1].txt (ID = 3749)
2:02 PM: Found Spy Cookie: zedo cookie
2:02 PM: amy@zedo[1].txt (ID = 3762)
2:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
2:02 PM: Starting File Sweep
2:30 PM: Warning: Invalid Stream
2:30 PM: File Sweep Complete, Elapsed Time: 00:28:09
2:30 PM: Full Sweep has completed. Elapsed time 00:44:19
2:30 PM: Traces Found: 87
2:32 PM: Removal process initiated
2:32 PM: Quarantining All Traces: 2o7.net cookie
2:32 PM: Quarantining All Traces: 64.62.232 cookie
2:32 PM: Quarantining All Traces: 888 cookie
2:32 PM: Quarantining All Traces: about cookie
2:32 PM: Quarantining All Traces: addynamix cookie
2:32 PM: Quarantining All Traces: adecn cookie
2:32 PM: Quarantining All Traces: adjuggler cookie
2:32 PM: Quarantining All Traces: adknowledge cookie
2:32 PM: Quarantining All Traces: advertising cookie
2:32 PM: Quarantining All Traces: ask cookie
2:32 PM: Quarantining All Traces: askmen cookie
2:32 PM: Quarantining All Traces: atlas dmt cookie
2:32 PM: Quarantining All Traces: atwola cookie
2:32 PM: Quarantining All Traces: banners cookie
2:32 PM: Quarantining All Traces: belnk cookie
2:32 PM: Quarantining All Traces: belointeractive cookie
2:32 PM: Quarantining All Traces: bizrate cookie
2:32 PM: Quarantining All Traces: burstnet cookie
2:32 PM: Quarantining All Traces: casalemedia cookie
2:32 PM: Quarantining All Traces: cassava cookie
2:32 PM: Quarantining All Traces: clickandtrack cookie
2:32 PM: Quarantining All Traces: dealtime cookie
2:32 PM: Quarantining All Traces: did-it cookie
2:32 PM: Quarantining All Traces: directtrack cookie
2:32 PM: Quarantining All Traces: experclick cookie
2:32 PM: Quarantining All Traces: falkag cookie
2:32 PM: Quarantining All Traces: fastclick cookie
2:32 PM: Quarantining All Traces: gamespy cookie
2:32 PM: Quarantining All Traces: hbmediapro cookie
2:32 PM: Quarantining All Traces: homestore cookie
2:32 PM: Quarantining All Traces: howstuffworks cookie
2:32 PM: Quarantining All Traces: hypertracker.com cookie
2:32 PM: Quarantining All Traces: ic-live cookie
2:32 PM: Quarantining All Traces: mensniche cookie
2:32 PM: Quarantining All Traces: metareward.com cookie
2:32 PM: Quarantining All Traces: monstermarketplace cookie
2:32 PM: Quarantining All Traces: myaffiliateprogram.com cookie
2:32 PM: Quarantining All Traces: nextag cookie
2:32 PM: Quarantining All Traces: pointroll cookie
2:32 PM: Quarantining All Traces: pricegrabber cookie
2:32 PM: Quarantining All Traces: questionmarket cookie
2:32 PM: Quarantining All Traces: realmedia cookie
2:32 PM: Quarantining All Traces: reunion cookie
2:32 PM: Quarantining All Traces: rn11 cookie
2:32 PM: Quarantining All Traces: screensavers.com cookie
2:32 PM: Quarantining All Traces: servlet cookie
2:32 PM: Quarantining All Traces: specificclick.com cookie
2:32 PM: Quarantining All Traces: starware.com cookie
2:32 PM: Quarantining All Traces: toplist cookie
2:32 PM: Quarantining All Traces: web-stat cookie
2:32 PM: Quarantining All Traces: xiti cookie
2:32 PM: Quarantining All Traces: yadro cookie
2:32 PM: Quarantining All Traces: yieldmanager cookie
2:32 PM: Quarantining All Traces: zedo cookie
2:32 PM: Removal process completed. Elapsed time 00:00:07
4:40 PM: Program Version 4.5.7 (Build 656) Using Spyware Definitions 574
4:40 PM: | End of Session, Sunday, November 20, 2005 |
********
1:45 PM: | Start of Session, Sunday, November 20, 2005 |
1:45 PM: Spy Sweeper started
1:45 PM: Sweep initiated using definitions version 574
1:45 PM: Starting Memory Sweep
1:45 PM: Sweep Canceled
1:45 PM: Memory Sweep Complete, Elapsed Time: 00:00:10
1:45 PM: Traces Found: 0
1:45 PM: | End of Session, Sunday, November 20, 2005 |
********
1:09 PM: | Start of Session, Sunday, November 20, 2005 |
1:09 PM: Spy Sweeper started
1:11 PM: Your spyware definitions have been updated.
1:45 PM: | End of Session, Sunday, November 20, 2005 |

#9 Guest_Cretemonster_*

Posted 23 November 2005 - 05:44 AM

Copy the text below into a blank Notepad page and save it to the desktop as Find.bat.


REM Search the whole drive, including hidden and system files, for appupdater.exe
dir \appupdater.exe /a /s > File.txt

Double-click Find.bat and let it run. When the DOS window has closed, there should be a new text file on your desktop.


Now, please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Post the contents of the new Text File and the results of the Kaspersky scan in the next reply.

#10 AmyKitty

Posted 25 November 2005 - 03:55 PM

Is there any other free firewall service I could use? McAfee is so much trouble. It also likes to boot me off of everything but AOL when it updates. Very annoying playing Guild Wars or talking on Yahoo and it disconnects you.

File
Volume in drive C has no label.
Volume Serial Number is 7478-ABE9

Directory of C:\tmp

10/21/2004 01:46 PM 241,664 appupdater.exe
1 File(s) 241,664 bytes



kaspersky
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, November 25, 2005 14:04:17
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 25/11/2005
Kaspersky Anti-Virus database records: 161511
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 94089
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 4315 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.

#11 Guest_Cretemonster_*

Posted 26 November 2005 - 02:02 AM

There's a couple of things we can do; I wouldn't want to cause you more grief by having you install another firewall.

McAfee is obviously bought and paid for, and a good mark for McAfee is, they have their own forums.

I have visited them once or twice before and there are some very knowledgeable folks there.

First, let's see if we can figure out what the appupdater.exe is all about.

Navigate to C:\tmp

Open that temp folder and locate appupdater.exe, right-click and select Properties, and go through all the info there and see if you can associate it with any programs on your PC.

I don't usually even see the folder C:\tmp, but it can be associated with something like McAfee.


Here is what Sifo Mike PMed me about the McAfee forums:

Interesting reading

http://forums.mcafeehelp.com/viewtopic.php...ghlight=mpftray

http://forums.mcafeehelp.com/viewtopic.php...ghlight=mpftray


Let me know what ya find out about the appupdater file.

#12 AmyKitty

Posted 02 December 2005 - 09:27 PM

Appupdater seems to update something in Windows, I think. It was kind of hard to understand the info on this page: http://windowsforms.net/articles/appupdater.aspx

#13 Guest_Cretemonster_*

Posted 04 December 2005 - 06:36 AM

I was reading the same thing and all the info in that file is bleak at best.

Have you tried asking around the McAfee forums? They will know better how to deal with the tray icon than myself.
