Help with removal of Vundo, VSADD-in, Spyhunter, DeluxeCommunications, among others



geraldgrogan
2006-11-18, 03:27
Windows XP Pro suddenly infected with several trojans and spyware, which I have not been able to get rid of despite attempting to follow some of the stickies posted in this forum.

Please help. My wife wants her PC back some day soon. :sad:

So far I have followed the steps requested, by running the on-line scan on 'Trend Micro Online Scan'. I ran it twice until there were no infected objects. Sorry, but there was no report produced from what I could tell. My local Virus scan is McAfee VirusScan Plus v10.

The requested HJT log is pasted below.

Logfile of HijackThis v1.99.1
Scan saved at 7:07:52 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\RhinoSoft.com\FTP Voyager\FVScheduler.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AnalogX\FastCache\fc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Ovulation Calendar\OVUCAL.EXE
C:\Program Files\xampp\mysql\bin\winmysqladmin.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\explorer.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A5EB734-CF6D-44D1-92CB-65192EA96072} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB7AED90-B609-45D5-8062-BB1AE59E1DCB} - \
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CBA0A64A-7002-4C91-BF72-266F0FB7F0FF} - \
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [FastCache] C:\Program Files\AnalogX\FastCache\fc.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HomeFtpServer] C:\Program Files\Home Series\Home Ftp Server\HomeFtpServer.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: Ovulation Calendar.lnk = C:\Program Files\Ovulation Calendar\OVUCAL.EXE
O4 - Startup: WinMySQLadmin.lnk = C:\Program Files\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www103.coolsavings.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134114402781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145943269234
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com.edgesuite.net/panel/maple/dcainst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FTP Voyager Scheduler (FVScheduler) - Unknown owner - C:\Program Files\RhinoSoft.com\FTP Voyager\FVScheduler.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\xampp\tomcat\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

geraldgrogan
2006-11-18, 03:39
I have already tried running VundoFix.exe and both times it reported that the trojan was not found; however it will continually show up in the McAfee warning messages that this PC is infected with this trojan.

Symantec Trojan.Vundo Removal Tool 1.5.0

C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
F:\System Volume Information: (not scanned)
G:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.

pskelley
2006-11-18, 19:32
Welcome to the forum, Gerald. I don't see a lot of this stuff you are claiming. It may be there hidden but the infections you mention usually show something. You do have issues, so let's clean them up and see what happens. We want the wife to be happy.


C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
F:\System Volume Information: (not scanned)
G:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.

These are your System Restore files; we will clean them before we are done. Nothing in them can get back on the computer unless you were to do a System Restore, so do not.


1) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
For your information, Viewpoint is installed by AOL probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint

2) Your Java program is out of date, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_07\ <<< out of date. Please uninstall all old versions and download the newest.

Start > Control Panel > Add Remove programs. While you are removing old Java, look for the junk you mentioned when you posted. Uninstall anything you see that you know should not be there. If you are unsure let me know and I will look.

4) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

5) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

6) How to use the Delete on Reboot tool http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file: C:\WINDOWS\SYSTEM32\ldcore.dll and click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now.

7) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
(Yahoo! Toolbar is missing a file and not working right if at all. If you use it, install it again when we are finished)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1A5EB734-CF6D-44D1-92CB-65192EA96072} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: (no name) - {AB7AED90-B609-45D5-8062-BB1AE59E1DCB} - \
O2 - BHO: (no name) - {CBA0A64A-7002-4C91-BF72-266F0FB7F0FF} - \
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O15 - Trusted Zone: http://www103.coolsavings.com
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

8) RIGHT Click on Start then click on Explore. Locate and delete these items:

c:\windows\system32\ldcore.dll <<< delete that file (should be gone)

9) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a new HJT log.

Once that log is posted, then follow the directions in this link:
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/
Thanks to John McKenna for the tutorial. Follow all directions and make sure you delete or at least quarantine anything located. Save that report and post it for me as soon as you have it.

Thanks...Phil
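
An added example, not part of the original thread or of HijackThis itself: a small Python triage of HijackThis entries using structural checks that match several of the line items selected in the post above, plus a check that those entries are gone from a follow-up log. The sample lines are excerpted from the two logs in this thread; the function names are hypothetical, and treating O23 "(file missing)" lines with an unbalanced quote as a path-parsing artifact is an assumption based on the same executables appearing under "Running processes".

```python
import re

# Excerpts from the first HijackThis log in this thread.
BEFORE = r'''
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1A5EB734-CF6D-44D1-92CB-65192EA96072} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AB7AED90-B609-45D5-8062-BB1AE59E1DCB} - \
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O15 - Trusted Zone: http://www103.coolsavings.com
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
'''

# Excerpts from the follow-up log posted after the fix steps.
AFTER = r'''
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
'''

# Entry lines start with a section code (R0, O2, O23, ...) and " - ".
# Header lines and the "Running processes" paths do not match this.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return [(section, rest)] for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(section, rest):
    """Return a reason to review the entry, or None.

    Structural checks only. Entries picked by reputation (the R0/R1
    search pages and the Viewpoint O8 item in this thread) need a human
    or a reputation source and are not covered here.
    """
    if rest.endswith("(no file)"):
        return "registration points at no file"
    if rest.endswith("(file missing)"):
        # Assumption: an odd number of double quotes means the opening
        # quote of a quoted service command line was dropped, so the
        # existence check ran against 'path" args' rather than the path.
        if section == "O23" and rest.count('"') % 2 == 1:
            return None
        return "registered file is missing from disk"
    if section == "O2" and rest.rsplit(" - ", 1)[-1] == "\\":
        return "BHO registered with an empty path"
    if section == "O20" and rest.startswith("AppInit_DLLs:"):
        if rest.split(":", 1)[1].strip():
            return "AppInit_DLLs loads this DLL into every process that loads user32.dll"
    if section == "O15":
        return "site was added to the Trusted Zone"
    return None


def flagged(log_text):
    """Return [(section, rest, reason)] for entries that need review."""
    results = []
    for section, rest in parse_entries(log_text):
        reason = triage(section, rest)
        if reason:
            results.append((section, rest, reason))
    return results


def still_present(before_text, after_text):
    """Flagged entries from the first log that survive in the second."""
    after = set(parse_entries(after_text))
    return [(s, r) for s, r, _ in flagged(before_text) if (s, r) in after]


if __name__ == "__main__":
    for section, rest, reason in flagged(BEFORE):
        print(f"{section}: {reason}\n    {rest}")
    leftovers = still_present(BEFORE, AFTER)
    print("entries still present after fix:", leftovers or "none")
```
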

geraldgrogan
2006-11-19, 10:20
The requested HJT log is attached below:

Logfile of HijackThis v1.99.1
Scan saved at 2:08:41 AM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\RhinoSoft.com\FTP Voyager\FVScheduler.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AnalogX\FastCache\fc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Ovulation Calendar\OVUCAL.EXE
C:\Program Files\xampp\mysql\bin\winmysqladmin.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HJT.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [FastCache] C:\Program Files\AnalogX\FastCache\fc.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HomeFtpServer] C:\Program Files\Home Series\Home Ftp Server\HomeFtpServer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: Ovulation Calendar.lnk = C:\Program Files\Ovulation Calendar\OVUCAL.EXE
O4 - Startup: WinMySQLadmin.lnk = C:\Program Files\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134114402781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145943269234
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com.edgesuite.net/panel/maple/dcainst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FTP Voyager Scheduler (FVScheduler) - Unknown owner - C:\Program Files\RhinoSoft.com\FTP Voyager\FVScheduler.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\xampp\tomcat\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

pskelley
2006-11-19, 14:00
Thanks for returning your HJT log. I see you posted at 3:20 that must be AM, I just don't know your location.

I need to point out you are running a rogue spyware program, see this information.
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan
http://www.castlecops.com/startuplist-5284.html
http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note
I strongly suggest you remove this junk from your computer.

Your HJT log looks good and I will know more when you post the results of the AVG Anti-Spyware scan. Let me know how the computer is running, any symptoms you see and any error message "word for word" at that point.

Thanks

geraldgrogan
2006-11-19, 17:32
** I am also still seeing the 'VSADD-in' in Remove/Add programs. I have not attempted to remove it using Remove/Add programs since the remove step you mention above. When clicked, nothing happens. Any ideas? Should I be worried?

Thanks for the assistance.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:06:04 AM 11/19/2006

+ Scan result:



F:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll -> Adware.WindowEnhancer : Ignored.
C:\Program Files\LogMeIn\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\Program Files\LogMeIn\update\2-30-547.bak\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\Program Files\LogMeIn\update\2-30-555.bak\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\WINDOWS\system32\LMIinit.dll.000.bak -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
D:\My Documents\My Downloads\Download\WINVNC\vnc_x86_win32\vncviewer\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Ignored.
D:\My Documents\My Downloads\Download\DVD_Decrypter\DVD stuff\DVDXCOPYv3.8.0\DVD Copy Plus 3.8.0 With Serial\DVD Copy Plus Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Ignored.
F:\Documents and Settings\Administrator\Cookies\administrator@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
D:\My Documents\Froh_Drive_Original\WINDOWS\Cookies\anyuser@adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
D:\My Documents\Froh_Drive_Original\WINDOWS\Cookies\anyuser@com[2].txt -> TrackingCookie.Com : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
F:\WINDOWS\Cookies\hp authorized customer@com[2].txt -> TrackingCookie.Com : Cleaned.
F:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
D:\My Documents\Froh_Drive_Original\WINDOWS\Cookies\anyuser@www.acdc.com.18345.fb.dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned.

geraldgrogan
2006-11-19, 17:33
F:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjmycjcpgeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.

geraldgrogan
2006-11-19, 17:34
D:\My Documents\My Downloads\VirtualDub\VirtualDub-1.6.11.zip/vdub.exe -> Trojan.Delf.sp : Cleaned with backup (quarantined).
D:\My Documents\My Downloads\VirtualDub\vdub.exe -> Trojan.Delf.sp : Cleaned with backup (quarantined).
C:\Program Files\AIM95\icbmft.ocm -> Worm.AimVen : Cleaned with backup (quarantined).


::Report end

geraldgrogan
2006-11-19, 17:56
I have attempted to remove this SpyHunter application several times. Any ideas how best to remove it?

BTW - I live in Southeast Wisconsin along with my wife and my seven month old triplets & their older sis who is now 3 1/2. Working on the computer at 2am is the only free time that I have :D:

pskelley
2006-11-19, 18:15
I understand, you have to do it when you have time. I see you are storing a lot of cookies, here is information to help you stop that. This information may vary when you download IE-7 which I do suggest:
http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx

I see you ignored items in the AVG scan, I will assume you know why.

I am also still seeing the 'VSADD-in' in Remove/Add programs. Please uninstall any program you know does not belong there. If you are unsure let me know and I will look. Make sure there is no uninstaller for SpyHunter in Add Remove programs.

You can show me what is left like this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\Enigma Software Group\ <<< delete that folder

Post the uninstall list and let me know about any issues.

Thanks...Phil

geraldgrogan
2006-11-19, 21:13
Yes, the ignored objects are known tools that I need.
From AVG - I am not sure what the following two are - Any ideas? I did set this PC up for Remote control at one point, but no longer use that feature.

C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\WINDOWS\system32\LMIinit.dll.000.bak -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.

-- Jerry

*******
The uninstall text is pasted below.

3D Fish School Screen Saver 3.54
3D Home Architect Home Design Deluxe 6
7-Zip 4.42
AC3Filter (remove only)
Access 3
Access Conversion Toolkit
Access2MySQL Pro 5
Ad-Aware SE Personal
Adobe Acrobat 7.0.8 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop Elements 2.0
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
AIM Gadgets 2.8
AIM Location Info
AnalogX BitPump
AnalogX CookieWall
AnalogX FastCache
AnyDVD
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Camera Suite
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Display Driver
AVG Anti-Spyware 7.5
AviSynth 2.5
Bazooka Scanner
BitComet 0.70
Blue's Preschool
Caillou(R) Magic Playhouse(TM)
Calendar Creator
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 4.8
Canon G.726 WMP-Decoder
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities FileViewerUtility 1.0
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CloneDVD 3.9.4
Colorful DVD Creator(Mpeg Encoder) 4.0 Trial
Colorful Movie Editor Trial 4.0
Consumer Input Rewarded with MyPoints, Consumer Input Software (remove only)
Core FTP LE 1.3c
Coupon Manager
Creating Keepsakes Scrapbook Designer
Dan Elwell's Broadband Speed Test
DMI Browse
DScaler 5 Mpeg Decoders
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD43 v3.9.0
Easy CD & DVD Creator 6
Easy CD Clone
Edmark Millie's Math House
EngInSite MySQL Client 1.4.9.195
Family Reunion Organizer 1.02
Flickr Uploadr 2.3
Free Download Manager 2.0 - Free Downloads Center Edition
Freeze Clip Art
FTP Voyager 13.0
GameTap
GoodMEM
Google Toolbar for Internet Explorer
Google Video Uploader
HijackThis 1.99.1
Hot CPU Tester Pro 4.2.2 Lite Edition
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
hp deskjet 970c series
hp deskjet 970c series (Remove only)
HP Image Zone Express
ImageMagick 6.2.9-2 Q8 (09/01/06)
Indeo® software
InfoView
InterVideo WinDVD
Ipswitch WS_FTP Home 2007
i-Speeder
iTunes
J2SE Runtime Environment 5.0 Update 9
Kaspersky Online Scanner
List Builder Add-in for Microsoft Office Publisher 2003
LogMeIn
Macromedia Flash Player 8
MakeTorrent v2.1
McAfee SecurityCenter
McAfee VirusScan
MetaBench 0.98a BETA
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Date and Phone XML Smart Tags
Microsoft Office 2003 Web Components
Microsoft Office FrontPage 2003
Microsoft Office PowerPoint 2003 Template Creation Wizard
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office Professional Edition 2003
Microsoft Office Sounds
Microsoft Outlook Personal Folders Backup
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Tool Web Package:WntIpcfg.exe
Microsoft Video Email add-in for Outlook 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows XP Video Decoder Checkup Utility
MSI Live Update 3
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MyPublisher BookMaker
MySQL Connector/ODBC 3.51
NetBeans IDE 5.0
No-IP.com DUC (remove only)
NVIDIA PureVideo Decoder
OIN
OpenMG Limited Patch 4.3-05-10-05-01
OpenMG Secure Module 4.3.00
Ovulation Calendar
Paragon Partition Manager 7.0 Demo
Password Tracker Deluxe 3.63
PasswordKeeper
PC Alert 4
Photodex Presenter
Picasa 2
PowerDVD
PowerFTP 3.2
PowerQuest PartitionMagic 8.0
Publisher WordArt Compatibility Add-In
Quicken 2006
QuickTime
RCA Quick Playlist Manager
Reader Rabbit Kindergarten
RoadRunner
RootsMagic 3.2.2.0
Roxio Easy Media Creator 8 Content
Roxio Easy Media Creator 8 Suite
S3 S3Info2
S3 S3Overlay
S3 S3TrayPlus
SBC Yahoo! Applications
SecureDoc
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Shockwave
SimplyShopping
SmartSound Quicktracks Plugin
Soldier of Fortune II - SP Demo
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Studio Deluxe
Sonic TiVoToGo
Sonic Update Manager
SonicStage 3.3
Sony MP3 Conversion Tool
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Startup Cop
TiVo Desktop
TurboTax ItsDeductible 2005
TurboTax Premier 2005
Ulead COOL 3D 3.0
Ulead DVD MovieFactory 4.0
Ulead DVD MovieFactory 5
Ulead VideoStudio 9.0
UltraEdit-32
UniChrome Pro IGP Display Driver and Utilities
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VCenter
VIA Platform Device Manager
VIA Vinyl Audio Codecs Driver Setup Program
VideoNow Media Wizard
Videora TiVo Converter 0.80
VSAdd-in for Internet Explorer
WexTech AnswerWorks
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
WMIinfo
XAMPP 1.5.3a
Zinio Reader

geraldgrogan
2006-11-19, 21:16
BTW - One more item of interest.

Drives D & F were previous boot drives that are now used as file storage instead.

--Jerry
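
A small triage pass over the scanner report format posted in this thread, as an added example (not part of anyone's post, and not the scanner's own code). It separates tracking cookies from real detections, lists entries the scan left as "Ignored", and splits hits on the live system drive from hits on the old boot drives now used for storage. The cookie line in the sample is constructed, and treating C: as the system drive is an assumption taken from the logs in this thread.

```python
import re
from collections import Counter

# Sample report. The Trojan/Worm lines and the two "Ignored" lines are quoted
# from this thread; the cookie line is constructed for the example.
SAMPLE_REPORT = r"""
F:\Documents and Settings\Administrator\Cookies\administrator@tracker.example[1].txt -> TrackingCookie.Example : Cleaned.
D:\My Documents\My Downloads\VirtualDub\VirtualDub-1.6.11.zip/vdub.exe -> Trojan.Delf.sp : Cleaned with backup (quarantined).
D:\My Documents\My Downloads\VirtualDub\vdub.exe -> Trojan.Delf.sp : Cleaned with backup (quarantined).
C:\Program Files\AIM95\icbmft.ocm -> Worm.AimVen : Cleaned with backup (quarantined).
C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\WINDOWS\system32\LMIinit.dll.000.bak -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
::Report end
"""

# "<path> -> <detection name> : <action>." with an optional trailing period.
LINE_RE = re.compile(r"^(?P<path>.+) -> (?P<name>\S+) : (?P<action>.+?)\.?$")
ARCHIVE_RE = re.compile(r"\.(zip|rar|cab|7z)/", re.IGNORECASE)


def classify(name):
    """Bucket a detection by the prefix the scanner put on its name."""
    if name.startswith("TrackingCookie."):
        return "cookie"
    if name.startswith("Not-A-Virus."):
        return "not-a-virus"
    return "malware"


def parse_report(text):
    """Return one dict per detection line; headers and '::Report end' are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        path = match.group("path")
        entries.append({
            "path": path,
            "drive": path[:2].upper() if path[1:2] == ":" else "?",
            "name": match.group("name"),
            "action": match.group("action"),
            "category": classify(match.group("name")),
            # A hit inside an archive is a stored copy, not an installed file.
            "in_archive": bool(ARCHIVE_RE.search(path)),
        })
    return entries


def triage(entries, system_drive="C:"):
    """Split the report into the groups a helper reads first."""
    findings = [e for e in entries if e["category"] != "cookie"]
    return {
        "counts": dict(Counter(e["category"] for e in entries)),
        # The scanner took no action on these; someone has to vouch for them.
        "ignored": [e for e in entries if e["action"].lower() == "ignored"],
        # Non-cookie hits on the drive Windows is running from.
        "live": [e for e in findings if e["drive"] == system_drive],
        # Non-cookie hits sitting on other drives (old installs, downloads).
        "stored": [e for e in findings if e["drive"] != system_drive],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("Counts:", result["counts"])
    for group in ("ignored", "live", "stored"):
        print(group.upper())
        for e in result[group]:
            note = " (inside archive)" if e["in_archive"] else ""
            print(f"  {e['name']:<50} {e['action']:<35} {e['path']}{note}")
```
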

pskelley
2006-11-19, 22:16
C:\WINDOWS\system32\LMIinit.dll <<< no doubt it has to do with the same program:
C:\Program Files\LogMeIn\LogMeInSystray.exe
http://www.castlecops.com/o20list-115.html
https://secure.logmein.com/
It's not malware, you can remove it if you wish.

Uninstall list, I am looking for malware, it might be a good chance for you to review what is there and to uninstall programs you no longer use.

OIN <<< uninstall this, PurityScan spyware
http://coffeejedi.darkimage.net/post.html?post_id=462
http://www.outerinfo.com/howto.html <<< uninstaller if needed

VSAdd-in for Internet Explorer
I would uninstall that. Not a lot of information:
http://www.google.com/search?hl=en&rls=GGLG,GGLG:2006-16,GGLG:en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=VS+Add-in+for+Internet+Explorer&spell=1
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=VSAdd%2din+for+Internet+Explorer

It might not be a bad idea to take a look for any other hidden Smitfraud infection. Follow the instructions in this link to download Smitfraudfix. I only want you to run the "Search" function. Post the results in your topic.
http://siri.geekstogo.com/SmitfraudFix.php

Take a hard look at that uninstall list yourself, I do not know a lot of those programs and you may spot something bad.

Let's clean the System Restore files now like this:
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

I'll give you this information now also:
AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Let me see that report from the "Search" function in Smitfraudfix, let me know about any malware issues. Post a last HJT log also.

Thanks

geraldgrogan
2006-11-20, 02:02
SmitFraudFix v2.123

Scan done at 17:56:37.31, Sun 11/19/2006
Run from D:\My Documents\My Downloads\smitfraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\keyboard1.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jmgrogan


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jmgrogan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jmgrogan\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

geraldgrogan
2006-11-20, 02:17
No other issues were noticed.
Thanks for the assistance.

I turned on System Restore, based on your posting. Apparently, it was turned off this entire time.


--Jerry


Logfile of HijackThis v1.99.1
Scan saved at 6:13:57 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\RhinoSoft.com\FTP Voyager\FVScheduler.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AnalogX\FastCache\fc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Ovulation Calendar\OVUCAL.EXE
C:\Program Files\xampp\mysql\bin\winmysqladmin.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HJT\HJT.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [FastCache] C:\Program Files\AnalogX\FastCache\fc.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HomeFtpServer] C:\Program Files\Home Series\Home Ftp

Server\HomeFtpServer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo

Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service

/registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service

/registry /auto:TivoServer
O4 - Startup: Ovulation Calendar.lnk = C:\Program Files\Ovulation Calendar\OVUCAL.EXE
O4 - Startup: WinMySQLadmin.lnk = C:\Program Files\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -

http://www.activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)

- http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?113411440

2781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145943

269234
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} -

http://www.consumerinput.com.edgesuite.net/panel/maple/dcainst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) -

http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) -

https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -

https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k

runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program

Files\Canon\CAL\CALMAIN.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program

Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FTP Voyager Scheduler (FVScheduler) - Unknown owner - C:\Program

Files\RhinoSoft.com\FTP Voyager\FVScheduler.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program

Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program

files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -

c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc -

C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\MSCSPTISRV.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe"

"--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\PACSPTISVR.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common

Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio

Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common

Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator

8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common

Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo

Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program

Files\xampp\tomcat\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program

Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

pskelley
2006-11-20, 02:43
Smitfraud has located at least one item: C:\WINDOWS\keyboard1.dat FOUND !
Let's do this:

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click smitfraudfix.cmd
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Post that report so I can see it.

You have formatted this HJT log and I can't work with it like that. Try clicking on Format at the top of Notepad and uncheck "Word Wrap". All logs need to be single spaced with no formatting.

Not a real safe idea to turn off System Restore unless you are purging it like we were. We have concluded a bad restore point is better than no restore point in an emergency :laugh:

Thanks

geraldgrogan
2006-11-20, 07:17
I am very sorry about the double spacing in the previous posting. I noticed it directly after I submitted my posting. I recommend previewing the post before submitting (unlike what I did in the last posting).

SmitFraudFix v2.123

Scan done at 22:42:26.01, Sun 11/19/2006
Run from D:\My Documents\My Downloads\smitfraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\keyboard1.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

geraldgrogan
2006-11-20, 07:20
Logfile of HijackThis v1.99.1
Scan saved at 11:18:48 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\RhinoSoft.com\FTP Voyager\FVScheduler.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AnalogX\FastCache\fc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Ovulation Calendar\OVUCAL.EXE
C:\Program Files\xampp\mysql\bin\winmysqladmin.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HJT.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [FastCache] C:\Program Files\AnalogX\FastCache\fc.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HomeFtpServer] C:\Program Files\Home Series\Home Ftp Server\HomeFtpServer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: Ovulation Calendar.lnk = C:\Program Files\Ovulation Calendar\OVUCAL.EXE
O4 - Startup: WinMySQLadmin.lnk = C:\Program Files\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134114402781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145943269234
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com.edgesuite.net/panel/maple/dcainst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FTP Voyager Scheduler (FVScheduler) - Unknown owner - C:\Program Files\RhinoSoft.com\FTP Voyager\FVScheduler.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\xampp\tomcat\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
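
Added example (not part of the thread, and not code from HijackThis or SmitFraudFix): a Python routine that undoes the Notepad word-wrap and double spacing pskelley asked to have removed, so the wrapped HJT log can be compared entry by entry with the reposted single-line one. The function names and the "no whitespace means hard wrap" rejoin heuristic are assumptions; the sample lines are excerpts from the two logs in this thread.

```python
import re
from collections import Counter

# HijackThis entry prefixes look like "O4 - ", "O23 - ", "R1 - ", "F2 - ", "N3 - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Excerpt of the word-wrapped, double-spaced log posted first in the thread.
WRAPPED = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"

-preload
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?113411440

2781
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
"""

# The same entries as they appear in the reposted, unwrapped log.
SINGLE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134114402781
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
"""


def unwrap_hjt(text):
    """Rebuild one-entry-per-line output from a wrapped, double-spaced log."""
    entries = []
    prev_fragment = ""            # last physical line added to entries[-1]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue              # blank lines come from the double spacing
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            # Heuristic (assumption): a fragment without any whitespace was one
            # long token cut at the wrap column, so rejoin it with no space.
            # Otherwise the wrap happened at a space, which is restored.
            sep = " " if re.search(r"\s", prev_fragment) else ""
            entries[-1] += sep + line
        else:
            continue              # header/process lines before the first entry
        prev_fragment = line
    return entries


def section_counts(entries):
    """Count entries per HijackThis section code (O2, O4, O23, ...)."""
    return Counter(m.group("code") for m in map(ENTRY_RE.match, entries) if m)


def log_diff(before, after):
    """Return (removed, added) entries between two logs, ignoring case."""
    b = {e.lower(): e for e in before}
    a = {e.lower(): e for e in after}
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added


if __name__ == "__main__":
    fixed = unwrap_hjt(WRAPPED)
    for entry in fixed:
        print(entry)
    print(dict(section_counts(fixed)))
    print(log_diff(fixed, unwrap_hjt(SINGLE)))
```

The heuristic misjoins an entry if a space-free fragment happens to end exactly at a soft wrap, so re-exporting the log with Word Wrap off remains the reliable fix.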

pskelley
2006-11-20, 13:58
Thanks Jerry, your HJT log looks good, safe surfing...I will ask tashi:) to close your topic when time permits.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.