
Winfixer Problems


13 replies to this topic

#1 spartan

spartan

  • Members
  • 8 posts

Posted 07 January 2006 - 09:23 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:17:06 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe
C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\vtstq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NI.UWA6P_0001_N56M1011] "C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe" -nag
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm471YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134601320015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkhhf - jkhhf.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\NKTAPI32.DLL (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe



#2 spartan

spartan
  • Topic Starter

  • Members
  • 8 posts

Posted 11 January 2006 - 07:46 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:45:05 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\vtstq.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm471YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134601320015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkhhf - jkhhf.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\NKTAPI32.DLL (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

#3 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 15 January 2006 - 06:30 PM

Hi spartan,

If you still need help, please post a fresh HijackThis log.

#4 spartan

spartan
  • Topic Starter

  • Members
  • 8 posts

Posted 16 January 2006 - 06:20 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:15:40 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\vtstq.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm471YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134601320015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkhhf - jkhhf.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\NKTAPI32.DLL (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Thanks for the response. I didn't delete anything, and I'm not sure what you meant at the end of your reply. Anyhow, here is a fresh log. Thanks

#5 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 16 January 2006 - 07:34 PM

Took me a minute to figure out what your last comment was about.

That's just part of my signature.


Let's see if we can dig a bit deeper and see what's inside there.


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder -> double-click WinPFind.exe and click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart normally and please download Rootkit Revealer (link is at the very bottom of the page)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
Post back with a fresh HijackThis log and the reports from WinPFind and RootKitRevealer.

#6 spartan

spartan
  • Topic Starter

  • Members
  • 8 posts

Posted 17 January 2006 - 06:23 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:16:02 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\vtstq.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm471YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134601320015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkhhf - jkhhf.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\NKTAPI32.DLL (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

HKLM\SOFTWARE\Classes\webcal\URL Protocol 2/2/2005 1:35 PM 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Scheduler\mcupdtsk\Freq 1/17/2006 5:31 PM 36 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Scheduler\mcupdtsk\NextRun 1/17/2006 5:31 PM 36 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\LastConnected 1/17/2006 5:31 PM 40 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\~LastLogIdx 1/17/2006 5:31 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#078 1/17/2006 5:31 PM 254 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#079 1/17/2006 5:31 PM 192 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#080 1/17/2006 5:31 PM 164 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#081 1/17/2006 5:31 PM 102 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#082 1/17/2006 5:31 PM 590 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#083 1/17/2006 5:31 PM 1014 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#084 1/17/2006 5:31 PM 170 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#085 1/17/2006 5:31 PM 218 bytes Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\McAfee.com\Agent\Update\ResultLog\Log#086 1/17/2006 5:31 PM 164 bytes Windows API length not consistent with raw hive data.
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\Data\mcvsrpt.dat 1/17/2006 6:02 PM 590 bytes Hidden from Windows API.
C:\Documents and Settings\Michael Dixon\Local Settings\Temp\pcf1.tmp 1/17/2006 5:28 PM 533 bytes Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP268\A0048003.exe 10/28/2005 12:17 PM 7.68 MB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP316\A0054838.dll 12/8/2005 7:23 PM 27.01 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP318\A0055075.dll 12/8/2005 7:23 PM 27.01 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP319\A0055399.dll 12/8/2005 7:23 PM 27.01 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 1/17/2006 5:28 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/4/2004 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 11/4/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 1/4/2006 10:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 10:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 6/22/2005 3:24:42 PM 142480 C:\WINDOWS\SYSTEM32\nC5594Om3.dll
aspack 8/4/2004 6:00:00 AM 708096 C:\WINDOWS\SYSTEM32\NTDLL.DLL
Umonitor 8/4/2004 6:00:00 AM 657920 C:\WINDOWS\SYSTEM32\RASDLG.DLL
winsync 8/4/2004 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/17/2006 5:10:10 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
1/15/2006 10:19:16 AM H 54156 C:\WINDOWS\QTFont.qfn
12/14/2005 6:59:40 PM H 0 C:\WINDOWS\INF\oem19.inf
12/14/2005 6:02:12 PM H 1193200 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9c6a857a536c230a49190993fc1c2a15\BIT20.tmp
12/9/2005 8:23:18 AM HS 351827 C:\WINDOWS\SYSTEM32\qtstv.bak1
1/11/2006 5:54:22 PM HS 319191 C:\WINDOWS\SYSTEM32\qtstv.bak2
12/10/2005 12:53:06 PM HS 373406 C:\WINDOWS\SYSTEM32\qtstv.ini
1/11/2006 6:16:34 PM HS 319988 C:\WINDOWS\SYSTEM32\qtstv.ini2
12/12/2005 8:20:04 AM HS 375702 C:\WINDOWS\SYSTEM32\qtstv.tmp
11/27/2005 9:19:14 AM HS 405681 C:\WINDOWS\SYSTEM32\vvvwa.bak2
11/27/2005 9:39:42 AM HS 406596 C:\WINDOWS\SYSTEM32\vvvwa.ini2
11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 6:09:36 PM S 11223 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/17/2006 5:10:00 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
1/17/2006 5:10:28 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
1/17/2006 5:10:12 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
1/17/2006 5:10:30 PM H 73728 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
1/17/2006 5:10:16 PM H 942080 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
1/11/2006 5:56:50 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
12/12/2005 5:38:42 AM S 1047 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC
12/12/2005 5:38:42 AM S 1370 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB
12/12/2005 5:38:42 AM S 126 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC
12/12/2005 5:38:42 AM S 194 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB
11/27/2005 6:53:12 AM HS 233472 C:\WINDOWS\SYSTEM32\DirectX\Dinput\Thumbs.db
1/17/2006 5:08:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT
1/8/2006 4:15:48 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
1/8/2006 4:15:48 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
1/8/2006 4:15:48 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\C5I9CX6P\desktop.ini
1/8/2006 4:15:48 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K9W96LUT\desktop.ini
1/8/2006 4:15:48 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QFAR0XYZ\desktop.ini
1/8/2006 4:15:48 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\W3YX6H6H\desktop.ini
11/27/2005 8:04:10 AM HS 65536 C:\WINDOWS\Web\Wallpaper\Thumbs.db

Checking for CPL files...
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 549888 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
Borland Software Corporation 10/7/2003 2:39:00 PM 184320 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 135168 C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 80384 C:\WINDOWS\SYSTEM32\FIREWALL.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Intel Corporation 9/20/2005 9:35:12 AM 77824 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 358400 C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 129536 C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 380416 C:\WINDOWS\SYSTEM32\IRPROPS.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\JOY.CPL
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 618496 C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 25600 C:\WINDOWS\SYSTEM32\NETSETUP.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 32768 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 114688 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
Intel® Corporation 3/2/2004 12:39:06 PM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 94208 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation 8/4/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\WSCUI.CPL
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 135168 C:\WINDOWS\SYSTEM32\DLLCACHE\desk.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 155648 C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\DLLCACHE\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 1/23/2005 9:33:44 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/3/2005 7:34:58 AM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/10/2004 2:04:12 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
2/2/2005 1:25:38 PM 493 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/10/2004 1:57:42 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
1/15/2006 10:21:14 AM 1759 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
8/10/2004 2:04:12 PM HS 84 C:\Documents and Settings\Michael Dixon\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
8/10/2004 1:57:42 PM HS 62 C:\Documents and Settings\Michael Dixon\Application Data\DESKTOP.INI
2/7/2005 7:58:14 PM 12358 C:\Documents and Settings\Michael Dixon\Application Data\PFP120JCM.{PB
2/7/2005 7:58:14 PM 61678 C:\Documents and Settings\Michael Dixon\Application Data\PFP120JPR.{PB

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Comcast Toolbar = C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE}
ATLDistrib Object = C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}
ButtonText = MUSICMATCH MX Web Player :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMAXPnP C:\Program Files\Analog Devices\Core\smax4pnp.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
VSOCheckTask "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
Dell Photo AIO Printer 922 "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
VirusScan Online C:\Program Files\McAfee.com\VSO\mcvsshld.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
tgcmd "C:\Program Files\Support.com\bin\tgcmd.exe" /server
Windows Services Hosts svhosts.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
OASClnt C:\Program Files\McAfee.com\VSO\oasclnt.exe
MimBoot C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
igfxtray C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd C:\WINDOWS\system32\hkcmd.exe
igfxpers C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
Microsoft Windows DLL Services Configuration windir32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PhotoShow Deluxe Media Manager C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
disableregistrytools 0
disabletaskmgr 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxdev.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkhhf
= jkhhf.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions
= C:\WINDOWS\system32\NKTAPI32.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtstq
= C:\WINDOWS\system32\vtstq.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/17/2006 5:17:55 PM


Wow, this is a lot of stuff. Followed your instructions, thanks for the help so far.

#7 Guest_Cretemonster_*

Posted 18 January 2006 - 05:39 AM

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\nC5594Om3.dll
    C:\WINDOWS\SYSTEM32\qtstv.bak1
    C:\WINDOWS\SYSTEM32\qtstv.bak2
    C:\WINDOWS\SYSTEM32\qtstv.ini
    C:\WINDOWS\SYSTEM32\qtstv.ini2
    C:\WINDOWS\SYSTEM32\qtstv.tmp
    C:\WINDOWS\SYSTEM32\vvvwa.bak2
    C:\WINDOWS\SYSTEM32\vvvwa.ini2
    C:\WINDOWS\SYSTEM32\svhosts.exe
    C:\WINDOWS\SYSTEM32\windir32.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting.
  • Then click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.



Reboot into SAFE MODE (tap F8 when restarting)


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\vtstq.dll (file missing)

O4 - HKLM\..\Run: [Windows Services Hosts] svhosts.exe

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O20 - Winlogon Notify: jkhhf - jkhhf.dll (file missing)

O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\NKTAPI32.DLL (file missing)

O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the report from Panda

#8 spartan

Posted 18 January 2006 - 07:15 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:10:43 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm471YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134601320015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Incident Status Location

Adware:adware/ncase Not disinfected C:\TEMP\salmau.dat
Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\bargain4.exe
Adware:adware/ieplugin Not disinfected C:\WINDOWS\rgrt.exe
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Adware:adware/topmoxie Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ad.yieldmanager[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@adultfriendfinder[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ask[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@burstnet[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@go[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@stats1.reliablestats[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@www.burstbeacon[2].txt
Adware:Adware/nCase Not disinfected C:\!KillBox\nC5594Om3.dll
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq31.tmp
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq538.tmp
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\April Dixon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-2f55a78e.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\April Dixon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-2f55a78e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\April Dixon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-2f55a78e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\April Dixon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-2f55a78e.zip[Beyond.class]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@adrevolver[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@adultfriendfinder[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@as1.falkag[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@ask[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@ath.belnk[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@azjmp[2].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[10].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[14].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[15].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[1].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[2].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[3].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[4].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[5].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@belnk[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@casalemedia[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@go[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@hc2.humanclick[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@offeroptimizer[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@overture[2].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@paypopup[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@perf.overture[1].txt
Spyware:Cookie/Transponder Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@pyn.pynix[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@revenue[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@rn11[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@stats1.reliablestats[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@www.burstbeacon[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@zedo[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@adultfriendfinder[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@as1.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ask[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ath.belnk[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@belnk[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@c.enhance[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@casalemedia[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ct.360i[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@i.screensavers[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@maxserving[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@serving-sys[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@stats1.reliablestats[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@tribalfusion[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@z1.adserver[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ad.yieldmanager[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@adultfriendfinder[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ask[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@burstnet[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@go[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@stats1.reliablestats[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@www.burstbeacon[2].txt
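
Added example, not part of the thread: a small Python check that compares the entries ticked for fixing in post #7 with the follow-up HijackThis log in post #8 and reports any that are still present. The `bare_autoruns` heuristic (Run entries whose command has no directory component) is an assumption of this example for triage, not a HijackThis feature; the log lines are copied from the posts above, with the follow-up log excerpted.

```python
import re
from typing import NamedTuple

# Entries selected for "Fix Checked" in post #7 (copied from the thread).
FIX_LIST = r"""
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\system32\vtstq.dll (file missing)
O4 - HKLM\..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: jkhhf - jkhhf.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\NKTAPI32.DLL (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll (file missing)
"""

# Excerpt of the follow-up log in post #8 (abridged to a few lines).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
AUTORUN_RE = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str           # section code such as "O4" or "O20"
    body: str           # text after "<code> - ", marker removed
    file_missing: bool  # True if the line carried "(file missing)"
    raw: str            # the original line


def parse_entries(text):
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append(Entry(m.group("code"), body, missing, line))
    return entries


def entry_key(entry):
    """Comparison key that ignores case, spacing and the "(file missing)" marker."""
    return (entry.code, " ".join(entry.body.split()).casefold())


def still_present(fix_list, fresh_log):
    """Lines from the fix list that also appear in the follow-up log."""
    fresh = {entry_key(e) for e in parse_entries(fresh_log)}
    return [e.raw for e in parse_entries(fix_list) if entry_key(e) in fresh]


def bare_autoruns(log):
    """O4 registry autoruns whose executable is given without any directory."""
    hits = []
    for e in parse_entries(log):
        if e.code != "O4":
            continue
        m = AUTORUN_RE.match(e.body)
        if not m:
            continue  # "Global Startup: x.lnk = ..." lines use another layout
        cmd = m.group("cmd").strip()
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        if "\\" not in exe and "/" not in exe:
            hits.append((m.group("name"), exe))
    return hits


if __name__ == "__main__":
    for line in still_present(FIX_LIST, FRESH_LOG):
        print("still present:", line)
    for name, exe in bare_autoruns(FRESH_LOG):
        print("autorun without a path:", name, "->", exe)
```

Run against these lines, the check reports that the `[Windows Services Hosts] svhosts.exe` Run value from the fix list is still listed in the follow-up log.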

#9 Guest_Cretemonster_*

Posted 18 January 2006 - 07:58 PM

Can you post the entire Panda log? Looks like it got cut off.

Go ahead and use Killbox just as before and delete these files

C:\TEMP\salmau.dat
C:\WINDOWS\bargain4.exe
C:\WINDOWS\rgrt.exe



Post back with the entire panda log please.

#10 spartan

Posted 18 January 2006 - 10:25 PM

Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@belnk[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@c.enhance[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@casalemedia[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ct.360i[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@i.screensavers[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@maxserving[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@serving-sys[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@stats1.reliablestats[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@tribalfusion[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@z1.adserver[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ad.yieldmanager[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@adultfriendfinder[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ask[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@burstnet[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@go[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@stats1.reliablestats[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@www.burstbeacon[2].txt

Edited by spartan, 18 January 2006 - 10:31 PM.


#11 spartan

Posted 18 January 2006 - 10:29 PM

Incident Status Location

Adware:adware/ncase Not disinfected C:\TEMP\salmau.dat
Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\bargain4.exe
Adware:adware/ieplugin Not disinfected C:\WINDOWS\rgrt.exe
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Adware:adware/topmoxie Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ad.yieldmanager[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@adultfriendfinder[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ask[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@burstnet[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@go[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@stats1.reliablestats[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@www.burstbeacon[2].txt
Adware:Adware/nCase Not disinfected C:\!KillBox\nC5594Om3.dll
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq31.tmp
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq538.tmp
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\April Dixon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-2f55a78e.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\April Dixon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-2f55a78e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\April Dixon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-2f55a78e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\April Dixon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-2f55a78e.zip[Beyond.class]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@adrevolver[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@adultfriendfinder[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@as1.falkag[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@ask[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@ath.belnk[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@azjmp[2].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[10].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[14].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[15].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[1].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[2].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[3].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[4].txt
Spyware:Cookie/BetterInet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@a[5].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@belnk[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@casalemedia[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@go[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@hc2.humanclick[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@offeroptimizer[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@overture[2].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@paypopup[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@perf.overture[1].txt
Spyware:Cookie/Transponder Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@pyn.pynix[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@revenue[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@rn11[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@stats1.reliablestats[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@www.burstbeacon[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\April Dixon\Cookies\april dixon@zedo[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@adultfriendfinder[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@as1.falkag[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ask[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ath.belnk[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@belnk[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@c.enhance[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@casalemedia[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@ct.360i[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@i.screensavers[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@maxserving[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@serving-sys[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@stats1.reliablestats[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@tribalfusion[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Heather Dixon\Cookies\heather dixon@z1.adserver[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ad.yieldmanager[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@adultfriendfinder[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@ask[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@burstnet[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@go[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@stats1.reliablestats[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@www.burstbeacon[2].txt

#12 Guest_Cretemonster_*


Posted 19 January 2006 - 06:11 AM

Go to C:\Documents and Settings

Under each account there, search for a folder labeled --> Cookies --> Open and delete all contents inside.

For instance --> C:\Documents and Settings\Michael Dixon

C:\Documents and Settings\April Dixon

C:\Documents and Settings\All Users


Restart and scan once more with Panda, post those results and let's have a look.

Edited by Cretemonster, 19 January 2006 - 06:13 AM.


#13 spartan


Posted 20 January 2006 - 08:31 PM

Incident Status Location

Adware:adware/ncase Not disinfected C:\TEMP\salm_kyf.dat
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Adware:adware/topmoxie Not disinfected Windows Registry
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@tribalfusion[1].txt
Adware:Adware/nCase Not disinfected C:\!KillBox\nC5594Om3.dll
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq31.tmp
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq538.tmp
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael Dixon\Cookies\michael dixon@tribalfusion[1].txt
Spyware:Cookie/Overture Not disinfected C:\RECYCLER\S-1-5-21-852281504-378459979-437873119-1006\Dc18.txt
Spyware:Cookie/2o7.net Not disinfected C:\RECYCLER\S-1-5-21-852281504-378459979-437873119-1006\Dc2.txt
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-852281504-378459979-437873119-1006\Dc20.txt
Spyware:Cookie/Tradedoubler Not disinfected C:\RECYCLER\S-1-5-21-852281504-378459979-437873119-1006\Dc23.txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\S-1-5-21-852281504-378459979-437873119-1006\Dc24.txt
Spyware:Cookie/Adserver Not disinfected C:\RECYCLER\S-1-5-21-852281504-378459979-437873119-1006\Dc29.txt
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\S-1-5-21-852281504-378459979-437873119-1006\Dc3.txt
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\S-1-5-21-852281504-378459979-437873119-1006\Dc30.txt

#14 Guest_Cretemonster_*


Posted 22 January 2006 - 08:02 AM

Use Pocket Killbox and delete this file

C:\TEMP\salm_kyf.dat


Copy the text below to a blank notepad page and save it to the desktop as Clr.reg


REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]

[-HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}]



Double-click Clr.reg and allow it to merge into the registry.


Copy & paste the text in bold below into notepad and save it as recyclerem.bat
(Set filetype to "All Files")


attrib -r -s -h %systemdrive%\Recycler
del %systemdrive%\Recycler
attrib -r -s -h %systemdrive%\Recycled
del %systemdrive%\Recycled
shutdown /r /t 0 /f


Close all programs and double-click recyclerem.bat

Your computer will reboot and you will have a shiny new (empty) recycle bin.


Restart normally and have the PC scanned here
http://www.bitdefender.com/scan/licence.php

Save any results and post them along with a fresh HijackThis log.
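
Added example, not part of the thread or any poster's code: a small Python triage of the "Incident Status Location" report from post #13, sorting each finding by the kind of follow-up the reply above applies (file to delete, named registry key, Recycle Bin leftovers, cookies). The bucket names are hypothetical, the account name in the sample is a constructed "user", and treating C:\!KillBox and Quarantine folders as copies held by cleanup tools is an assumption.

```python
import re
from collections import defaultdict

# Lines in the "Incident Status Location" layout of the scan report above.
# Taken from post #13, with the account name replaced by a constructed "user".
SAMPLE = r"""
Adware:adware/ncase Not disinfected C:\TEMP\salm_kyf.dat
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt
Adware:Adware/nCase Not disinfected C:\!KillBox\nC5594Om3.dll
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq31.tmp
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\S-1-5-21-852281504-378459979-437873119-1006\Dc30.txt
"""

# "Not disinfected" is the only status the report on this page shows.
LINE = re.compile(r"^(?P<kind>[^:]+):(?P<name>.+?)\s+"
                  r"(?P<status>Not disinfected)\s+(?P<loc>.+)$")

def bucket(name, loc):
    """Map one finding to the kind of follow-up it needs (hypothetical labels)."""
    low = loc.lower()
    if low.startswith("hkey_"):
        return "registry_key"            # exact key is named in the report
    if low == "windows registry":
        return "registry_unspecified"    # scanner named no key; needs another log
    if "\\recycler\\" in low or "\\recycled\\" in low:
        return "recycle_bin"             # deleted file still held in the bin
    if "\\quarantine\\" in low or low.startswith("c:\\!killbox\\"):
        return "tool_backup"             # assumed: copy kept by a cleanup tool
    if name.lower().startswith("cookie/"):
        return "tracking_cookie"
    return "file"

def triage(report):
    """Return {bucket: [(detection name, location), ...]} for parsable lines."""
    out = defaultdict(list)
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:                            # header row and blank lines do not match
            out[bucket(m["name"], m["loc"])].append((m["name"], m["loc"]))
    return dict(out)

if __name__ == "__main__":
    for label, hits in sorted(triage(SAMPLE).items()):
        print(f"{label:22} {len(hits)}")
        for name, loc in hits:
            print(f"    {name:28} {loc}")
```
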



