Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trying Again


  • Please log in to reply
13 replies to this topic

#1 realgem63

realgem63

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 19 November 2006 - 10:10 AM

I used Spirit Wind's link and it worked! It did a scan and now I can post the results.I'm just not sure if this will take care of the icon with the 15 minute pop up balloon!Thank you all for your replies.Please have patience though,as I am but a lowly carpenter who is hunting and pecking at the keys.My computer is used by me,my girlfriend,her son and the neighbor's 2 sons so keeping up with maintainance is sometimes hard.So thank you again and here are the results of the scan:Logfile of HijackThis v1.99.1
Scan saved at 9:55:40 AM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Perfect Codec\isaddon.dll (file missing)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEListener Class - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\b.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Microsoft Update Machine] cssrssv.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk572JJUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - C:\WINDOWS\system32\jbtazy.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 19 November 2006 - 10:54 AM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
============================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 realgem63

realgem63
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 19 November 2006 - 11:22 AM

I'll try this.But it seems pretty scary! The only question I have is how do I get out of safe mode?Does it happen automatically or do I have to do something to make it happen?Thank you!!
Mike

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 19 November 2006 - 12:53 PM

Gettting out of safe mode is just a matter of rebooting and not doing anything
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 realgem63

realgem63
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 21 November 2006 - 10:52 PM

OK here goes:SmitFraudFix v2.123

Scan done at 20:37:25.79, Tue 11/21/2006
Run from C:\Documents and Settings\Michael Ruby\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"

[HKEY_CLASSES_ROOT\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e}\InProcServer32]
@="C:\WINDOWS\system32\jbtazy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e}\InProcServer32]
@="C:\WINDOWS\system32\jbtazy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Perfect Codec\ Deleted
C:\Program Files\VideoCompressionCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

That is the first part.I don't know what it means but it did remove my background.No big deal.Now here is the second report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:27:08 PM 11/21/2006

+ Scan result:



C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP269\A0075800.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087875.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087882.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087883.EXE -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087886.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1228426933-3454543841-4205687111-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Tina Shultz\Local Settings\Temp\em1356\HbTools.mlpX -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Tina Shultz\Local Settings\Temp\em276\HbTools.mlpX -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Tina Shultz\Local Settings\Temp\em5956\HbTools.mlpX -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP253\A0068198.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP253\A0068200.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP253\A0068201.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP271\A0075924.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP271\A0075926.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP271\A0075927.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087867.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087870.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087871.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087889.DLL -> Adware.IWon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087909.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-1228426933-3454543841-4205687111-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-1228426933-3454543841-4205687111-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-1228426933-3454543841-4205687111-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-1228426933-3454543841-4205687111-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Bobby Shultz\Local Settings\Temp\Temporary Internet Files\Content.IE5\1IJDOB8J\HeavyWeaponSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\CabelasGrandSlamHunting2-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
HKU\S-1-5-21-1228426933-3454543841-4205687111-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B313D637-F405-4052-AC37-E2119AB3C8F8} -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP346\A0087560.exe -> Adware.VirusBursters : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup (quarantined).
HKU\S-1-5-21-1228426933-3454543841-4205687111-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup (quarantined).
HKU\S-1-5-21-1228426933-3454543841-4205687111-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP349\A0087877.DLL -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP353\A0088121.dll -> Downloader.Small.dzp : Cleaned with backup (quarantined).
C:\Documents and Settings\Bobby Shultz\My Documents\Morpheus Shared\Downloads\01 Track 1.wma -> Downloader.Wimad.d : Cleaned with backup (quarantined).
:mozilla.411:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.412:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.413:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.258:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.259:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.260:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.261:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.262:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.263:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.264:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.274:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.275:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.276:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.277:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.278:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.279:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.281:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.282:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.283:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.284:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.285:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.286:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.287:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.288:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.289:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.290:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.291:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.292:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.293:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.294:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.295:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.296:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.297:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.298:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.299:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.300:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.301:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.302:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.462:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.512:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.557:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.631:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.651:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.667:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.726:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby Shultz\Cookies\bobby shultz@cardeanuniversity.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby Shultz\Cookies\bobby shultz@deloitte.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby Shultz\Cookies\bobby shultz@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby Shultz\Cookies\bobby shultz@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby Shultz\Cookies\bobby shultz@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby Shultz\Cookies\bobby shultz@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby Shultz\Local Settings\Temp\Cookies\bobby shultz@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michael Ruby\Cookies\michael ruby@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michael Ruby\Cookies\michael ruby@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michael Ruby\Cookies\michael ruby@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michael Ruby\Cookies\michael ruby@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Michael Ruby\Cookies\michael ruby@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@incredimailltd.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@ning.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@reunioncom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@simplestar.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@tgn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.409:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.522:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.523:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.524:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.700:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.701:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.702:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.703:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.704:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.705:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.706:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.707:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.831:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.832:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.833:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.19:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.244:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.245:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.381:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.382:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.736:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Bobby Shultz\Cookies\bobby shultz@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Bobby Shultz\Local Settings\Temp\Cookies\bobby shultz@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.300:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.33:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.37:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.38:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.39:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.41:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.401:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.402:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.412:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.413:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.11:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.109:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.61:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.213:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.672:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.270:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@cc.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.193:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.545:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.186:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.187:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.191:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.219:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.220:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Michael Ruby\Cookies\michael ruby@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.153:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.154:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.71:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.77:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.78:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.671:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.496:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Bobby Shultz\Cookies\bobby shultz@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Bobby Shultz\Local Settings\Temp\Cookies\bobby shultz@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.476:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.669:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Michael Ruby\Cookies\michael ruby@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.41:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.93:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.400:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.713:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.22:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.335:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.336:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.411:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Bobby Shultz\Cookies\bobby shultz@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.304:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.305:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.306:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.307:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.308:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.309:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.32:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.34:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.35:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.166:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.178:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.364:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.415:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.422:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.425:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.895:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.896:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.897:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.898:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.899:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.900:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.901:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.902:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.903:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.100:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.10:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.11:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.12:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.162:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.292:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.293:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.320:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.321:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.457:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.719:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.720:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.723:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.724:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.725:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.727:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.179:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.203:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.204:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.205:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.206:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.217:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.423:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.424:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.467:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.468:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.469:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.844:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.845:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.846:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.847:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.850:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.851:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.852:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.144:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.246:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.149:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.333:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.334:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Tina Shultz\Cookies\tina shultz@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.196:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.197:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.144:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.145:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.146:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.486:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.60:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.61:C:\Documents and Settings\Bobby Shultz\Application Data\Mozilla\Firefox\Profiles\xdkwean2.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.688:C:\Documents and Settings\Michael Ruby\Application Data\Mozilla\Firefox\Profiles\mf85skrn.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.79:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.80:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.85:C:\Documents and Settings\Tina Shultz\Application Data\Mozilla\Firefox\Profiles\3tyf0c67.default\cookies.txt -

#6 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 22 November 2006 - 10:12 AM

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 realgem63

realgem63
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 22 November 2006 - 05:08 PM

I downloaded the Vundofix program and ran it.It ran for less than 30 seconds and said no infected files were found.I did it again and got the same results.I don't know if that's good or bad.One good thing that has happened is the Virusbursters balloon is gone!Do you think I need more work or is this it?One other question I have is all the programs I downloaded when I started this,do I keep them and run them on a certain schedule or do I remove some and keep some others?Is there a set way to scan and with what programs?I have McAfee free wih Comcast and I usually run that scan once a week.I did have Adaware SE and ran that 2-3 times a week.I guess what I'm asking is what do I run and when and how often?Sorry for being a pain but I truly appreciate your help.I do want to donate some money but I'm not in the best shape financially.How much is a good amount?I don't want to just guess and send an amount that would be insulting.Thank you!
Mike

#8 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 22 November 2006 - 05:21 PM

Any amt is good - run AdAware weekly

1. Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 realgem63

realgem63
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 23 November 2006 - 09:09 AM

Here's the next log you asked for:Michael Ruby - 06-11-23 8:56:10.43 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Michael Ruby\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))


2006-11-22 19:39 <DIR> d-------- C:\Program Files\Trymedia
2006-11-22 19:37 <DIR> d-------- C:\Program Files\Atari-Infogrames
2006-11-22 16:51 <DIR> d-------- C:\VundoFix Backups
2006-11-21 20:44 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-21 20:44 <DIR> d-------- C:\Program Files\Grisoft
2006-11-21 20:37 4,368 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-18 15:12 <DIR> d-------- C:\Program Files\HijackThis
2006-11-18 15:08 <DIR> d-------- C:\Program Files\Windows Defender
2006-11-18 15:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2006-11-18 15:06 <DIR> d-------- C:\Program Files\Zone Labs
2006-11-18 13:45 <DIR> d-------- C:\Documents and Settings\Michael Ruby\.housecall6.6
2006-11-18 13:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-18 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-17 23:13 <DIR> d-------- C:\Program Files\MySpace
2006-11-17 22:15 <DIR> d-------- C:\Documents and Settings\Michael Ruby\Application Data\ParetoLogic
2006-11-17 22:11 <DIR> d-------- C:\Program Files\Registry Mechanic
2006-11-17 22:06 <DIR> d-------- C:\Program Files\Add Remove Pro
2006-11-15 22:49 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-15 22:49 <DIR> d-------- C:\a5bfe0b882396d8b9eb175280c85
2006-11-15 22:49 <DIR> d-------- C:\8f9db8b4b559a15138b2a62debca9905
2006-11-13 20:31 <DIR> d-------- C:\WINDOWS\system32\slideApp
2006-11-13 20:28 <DIR> d--hs---- C:\WINDOWS\ftpcache
2006-11-13 20:24 <DIR> d-------- C:\Program Files\Slide
2006-11-11 16:42 <DIR> d-------- C:\Program Files\MP3 Downloads
2006-11-04 20:25 1,321,744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-23 08:50 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-22 17:56 -------- d-------- C:\Program Files\Morpheus
2006-11-22 16:54 -------- d-------- C:\Program Files\Dl_cats
2006-11-21 20:35 56 -r-hs---- C:\WINDOWS\system32\3A98EF9C48.sys
2006-11-21 20:35 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-18 21:08 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-18 21:08 -------- d-------- C:\Program Files\AOL
2006-11-18 21:05 -------- d-------- C:\Program Files\Yahoo!
2006-11-17 23:15 -------- d-------- C:\Program Files\IncrediMail
2006-11-15 22:49 -------- d-------- C:\Program Files\Internet Explorer
2006-11-05 12:34 -------- d-------- C:\Documents and Settings\Michael Ruby\Application Data\Creative
2006-10-23 18:39 -------- d-------- C:\Program Files\FilmLoop Player
2006-10-21 06:47 -------- d-a------ C:\Program Files\Common Files
2006-10-21 06:47 -------- d-------- C:\Program Files\PokerStars
2006-10-21 06:41 -------- d-------- C:\Program Files\HighGrow
2006-10-18 18:40 -------- d-------- C:\Program Files\Music Express
2006-10-18 17:15 -------- d-------- C:\Program Files\Creative Memories
2006-10-18 17:09 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-17 16:15 -------- d-------- C:\Program Files\Common Files\xing shared
2006-10-17 16:15 -------- d-------- C:\Program Files\Common Files\Real
2006-10-17 16:15 -------- d-------- C:\Documents and Settings\Michael Ruby\Application Data\Real
2006-10-17 16:14 -------- d-------- C:\Program Files\Real
2006-10-14 17:07 -------- d-------- C:\Program Files\PopCap Games
2006-10-14 17:04 -------- d-------- C:\Program Files\Infogrames
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-11 06:02 -------- d-------- C:\Program Files\Windows Media Player
2006-10-11 06:02 -------- d-------- C:\Program Files\iTunes
2006-10-11 06:01 -------- d-------- C:\Program Files\Last.fm
2006-10-09 16:15 1669632 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-09 16:12 456192 --a------ C:\WINDOWS\system32\encdec.dll
2006-10-09 16:12 291840 --a------ C:\WINDOWS\system32\sbe.dll
2006-10-09 16:12 235008 --------- C:\WINDOWS\system32\psisdecd.dll
2006-10-05 18:17 -------- d-------- C:\Program Files\netGangsters
2006-10-03 18:49 -------- d-------- C:\Program Files\Drug Wars
2006-10-01 10:18 -------- d-------- C:\Program Files\MTV Networks
2006-10-01 10:11 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-29 19:54 -------- d-------- C:\Program Files\Lavasoft
2006-09-29 19:54 -------- d-------- C:\Documents and Settings\Michael Ruby\Application Data\Lavasoft
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 21:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 21:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 21:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 21:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 21:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 21:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 21:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 21:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 21:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 21:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 21:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 21:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 21:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 21:30 532992 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 21:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 21:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 21:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 21:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 21:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 21:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 21:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 21:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 21:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 21:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 21:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 21:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 21:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 21:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 21:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 21:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 21:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 21:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 21:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 21:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 21:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 21:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 21:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-24 21:30 211968 --a------ C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 21:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 21:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 21:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 21:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 21:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 21:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 21:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 21:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 21:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 21:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 21:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 21:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 21:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 21:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 21:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 21:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 21:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 21:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 21:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 19:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 19:27 249344 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-08-24 19:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 19:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 18:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-24 18:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-24 18:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 18:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-24 14:28 1036 --a------ C:\cyc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\PROGRA~1\\MSNMES~1\\msnmsgr.exe\" /background"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"Microsoft Update Machine"="cssrssv.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Dell Photo AIO Printer 942"="\"C:\\Program Files\\Dell Photo AIO Printer 942\\dlbubmgr.exe\""
"DellMCM"="\"C:\\Program Files\\Dell Photo AIO Printer 942\\memcard.exe\""
"DLBUCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLBUtime.dll,_RunDLLEntry@16"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\b.bin\\mwsoemon.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhh
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstq

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-23 8:59:18.82
C:\ComboFix.txt ... 06-11-23 08:59
Do you know much about the Spybot program?It pops up occasionally and asks about registry changes.I'm not sure what to do most times so I guess at it.The window is messed up and I can't really see the options they want me to choose,so I don't know if what I'm clicking is right.Do I need this or can I maybe remove it and download it again?Thanks,mike

#10 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 23 November 2006 - 11:16 AM

TeaTimer is trying to let you know if something bad is trying to change the registry - but if you are doing something that would do it you want to give it A for accept or D for decline

Need a new hijack log

Edited by MFDnSC, 23 November 2006 - 11:16 AM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 realgem63

realgem63
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 24 November 2006 - 10:08 AM

I guess you meant run the Hijackthis scan so I did and here's the results:Logfile of HijackThis v1.99.1
Scan saved at 9:58:29 AM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEListener Class - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\b.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Microsoft Update Machine] cssrssv.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk572JJUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll (file missing)
O20 - Winlogon Notify: vtstq - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

Thanks for the help!

#12 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 24 November 2006 - 10:32 AM

May sure you allow this changes with teatimer


You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: (no name) - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)

O2 - BHO: IEListener Class - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\b.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] cssrssv.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk572JJUS

O20 - Winlogon Notify: jkhhh - C:\WINDOWS\

O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll (file missing)

O20 - Winlogon Notify: vtstq - C:\WINDOWS\

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\cssrssv.exe
C:\PROGRA~1\MYWEBS~1


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 realgem63

realgem63
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 24 November 2006 - 01:41 PM

The Killbox program said both files you told me to delete did not exist.I did another hijackthis scan and here is the info:Logfile of HijackThis v1.99.1
Scan saved at 1:33:08 PM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

The system seems to be running fine.The only difference is now when I click on my settings,the computer sounds like an airplane taking off several times.You hear it winding up and down a few times then it loads .I don't know if this is normal or not.Thanks again!
P.S. Hope you're having a nice holiday!

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 24 November 2006 - 03:38 PM

Clean Posted Image

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
===============

Go to Control Panel - sounds and turn them off
"Nothing could be finer than to be in South Carolina ............"

Member ASAP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users