
Thread: IE Closes & Products keep being checked to ignore in scan and slow

  1. #11
    Security Expert-Emeritus

    Hi again

    Before we continue, I would like you to do something for me:
    I need you to upload a file for further inspection.

    Please go to thespykiller.co.uk

    Read the instructions for uploading a file from this thread

    Create a topic and name it "File for Lonny".
    Remember to include the link to this topic in your post.

    Upload the following file to your topic:
    C:\Windows\ie.exe

    When you've done this, please post a link to the thread you just created to me.

    Then:
    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply.

    Note:
    Do not click inside ComboFix's window while it is running; that may cause it to stall.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  2. #12
    Member

    Mr Jak,

    I was unsure whether you wanted the link posted privately, so I am sending it here.
    As you requested, the link to my posting of the uploaded file is
    http://www.thespykiller.co.uk/forum/...p?topic=2893.0

    I am presently doing the remainder of your request and will post the log for you shortly.
    Thank you so very much for all assistance.

    jay esclader

  3. #13
    Member

    Mr Jak,

    Per your request, here is the ComboFix log.
    I will be waiting for my next instructions from you.
    Thank you so very much.....

    __________________________
    _______

    Owner - 06-10-25 8:49:22.48 Service Pack 1
    ComboFix 06.10.19 - Running from: "C:\Program Files\Corel\WordPerfect Office 2002\Template"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-25 to 2006-10-25 ))))))))))))))))))))))))))))))))))

    No new files created in this timespan

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-25 07:02 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-10-23 09:31 -------- d-a------ C:\Program Files\Common Files
    2006-10-23 09:30 -------- d-------- C:\Program Files\Yahoo!
    2006-10-23 09:29 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
    2006-10-23 09:29 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-23 09:26 -------- d-------- C:\Program Files\Sudoku Assistenten
    2006-10-17 00:53 -------- d-------- C:\Program Files\Google
    2006-10-13 08:05 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
    2006-10-02 13:26 -------- d-------- C:\Program Files\HP
    2006-10-02 13:26 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-10-02 13:25 -------- d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
    2006-10-02 12:45 -------- d-------- C:\Program Files\Common Files\HP
    2006-10-02 12:45 -------- d-------- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
    2006-09-24 21:04 -------- d-------- C:\Program Files\illiminable
    2006-09-13 22:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
    2006-09-13 11:58 77016 --a------ C:\WINDOWS\us2installer2.8.49.exe
    2006-09-13 11:58 55512 --a------ C:\WINDOWS\system32\ipv6monr.dll
    2006-09-13 11:58 12204 --a------ C:\WINDOWS\s.exe
    2006-09-11 00:08 55512 --a------ C:\WINDOWS\system32\ipv6mons.dll
    2006-09-03 21:32 8080 --a------ C:\WINDOWS\ie.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "Acme.PCHButton"="C:\\PROGRA~1\\HPINST~1\\plugin\\bin\\PCHButton.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
    "_AntiSpyware"="C:\\Program Files\\McAfee\\McAfee AntiSpyware\\MssCli.exe"
    "blpgvyqlphz"="C:\\WINDOWS\\System32\\tpttvtx.exe"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
    "Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "Propel Accelerator"="C:\\PROGRA~1\\BELLSO~1\\PropelAC.exe"
    "LTMSG"="LTMSG.exe 7"
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
    "BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
    "BellSouthSyn"="C:\\Program Files\\BellSouth\\Application Center\\BsnAppCenter.exe /Synchronize"
    "BellSouthScheduler"="C:\\Program Files\\BellSouth\\Application Center\\BsnAppCenter.exe /Scheduler"
    "VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
    "VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="about:Home"
    "SubscribedURL"="about:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,34,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,34,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,34,02,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"="McAfee AntiSpyware Shell Extension"
    "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "ie.exe"="C:\\WINDOWS\\ie.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
    "Show missed alarms"="C:\\Program Files\\Alarm\\Alarm.exe"
    "Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
    "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
    "nwiz"="nwiz.exe /install"
    "WildTangent CDA"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
    "Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
    "HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Chancy 's School time.job
    C:\WINDOWS\tasks\Disk Cleanup.job
    C:\WINDOWS\tasks\McAfee AntiSpyware.job
    C:\WINDOWS\tasks\McAfee.com Update Check (FAMILY-CHANCY).job
    C:\WINDOWS\tasks\McAfee.com Update Check (FAMILY-GUESS WHO).job
    C:\WINDOWS\tasks\McAfee.com Update Check (FAMILY-Hanson2).job
    C:\WINDOWS\tasks\McAfee.com Update Check (FAMILY-Owner).job
    C:\WINDOWS\tasks\McAfee.com Update Check (FAMILY-rhino).job
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\Yahoo.job

    Completion time: 06-10-25 8:51:33.98
    C:\ComboFix.txt ... 06-10-25 08:51

  4. #14
    Security Expert-Emeritus

    Hi again, good work

    We'll remove the old version of Ewido. (We'll install the latest version, AVG Anti-Spyware)
    We'll remove the old versions of Java. (We'll install the latest version later)

    You should print these instructions or save these to a text file. Follow these instructions carefully.

    Open Control Panel -> Add/Remove Programs -> Remove all of the following programs, if found:

    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_05
    ewido security suite

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the "Update successful" message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Please download the Killbox.
    Unzip it to the desktop but do NOT run it yet.

    Download ATF Cleaner by Atribune to your desktop.
    Do NOT run yet.

    ==================

    Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.

    ie.exe

    Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "blpgvyqlphz"=-

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "ie.exe"=-
    Make sure there are NO blank lines before REGEDIT4
    Make sure there IS one blank line at the end of the file.

    Save the document to your desktop as Fix.reg and filetype: All Files
    Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

    Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [blpgvyqlphz] C:\WINDOWS\System32\tpttvtx.exe
    O20 - AppInit_DLLs:


    Please run Killbox.

    Select "Delete on Reboot".
    Select "All Files".

    Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\System32\tpttvtx.exe
    C:\WINDOWS\us2installer2.8.49.exe
    C:\WINDOWS\system32\ipv6monr.dll
    C:\WINDOWS\s.exe
    C:\WINDOWS\system32\ipv6mons.dll
    C:\WINDOWS\ie.exe
    Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

    Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If your computer does not restart automatically, please restart it manually.

    Restart your computer in Safe Mode:
    • Restart your computer
    • Start tapping the F8 key when the computer restarts.
    • When the start menu opens, choose Safe mode
    • Press Enter. The computer then begins to start in Safe mode.


    Go to the My Computer and delete the following folders (if present):
    C:\Program Files\Viewpoint
    C:\Program Files\Common Files\WinTools
    C:\Program Files\AWS

    Run ATF Cleaner
    • Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Do not click the "Save Scan Report" button until you have clicked the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    ================

    When you're ready, post the following logs to here:
    - AVG's report
    - a fresh HijackThis log
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  5. #15
    Member

    Mr Jak,

    Per your request, I am posting the following logs in 3 posts because together they exceed the maximum post length.
    - AVG's report
    - a fresh HijackThis log

    Thank you for all your assistance.
    Jay Escalader


    AVG Anti-Spyware - Scan Report
    + Created at: 8:02:29 PM 10/25/2006
    + Scan result:

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\McAfee.com\Agent\McAgent.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\Program Files\McAfee.com\Agent\mcupdate.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP475\A0054397.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057019.rbf -> Downloader.Agent.awf : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ddayw.dll -> Downloader.ConHook.r : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\geebc.dll -> Downloader.ConHook.r : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ssqpp.dll -> Downloader.ConHook.r : Cleaned with backup (quarantined).
    C:\!KillBox\s.exe -> Logger.Agent.ow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057037.exe -> Logger.Agent.ow : Cleaned with backup (quarantined).
    C:\!KillBox\ipv6monr.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\!KillBox\ipv6mons.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\!KillBox\us2installer2.8.49.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050187.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050192.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050193.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050198.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050199.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050223.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050224.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050228.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050229.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050240.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050241.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050254.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050260.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050261.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP448\A0050264.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050271.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050272.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050280.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050297.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050298.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050313.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050327.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050328.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050346.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050347.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050369.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050370.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050385.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050386.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050394.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050417.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050418.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050424.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050425.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050432.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050438.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050439.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050460.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050461.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP449\A0050462.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050465.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050466.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050473.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050486.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050487.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050496.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050497.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050502.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050533.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050534.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050545.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP450\A0050546.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP451\A0050691.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP451\A0050693.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057035.exe -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057036.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP479\A0057038.dll -> Logger.Goldun.lw : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup (quarantined).
    :mozilla.14:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.165:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.6:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.7:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.100:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.100:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.101:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.101:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.102:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.102:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.103:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.104:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.97:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.98:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.99:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.18:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.21:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.22:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.30:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.37:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.38:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.39:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.40:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.41:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.6:C:\Documents and Settings\rhino\Application Data\Mozilla\Firefox\Profiles\o8ckj752.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.7:C:\Documents and Settings\rhino\Application Data\Mozilla\Firefox\Profiles\o8ckj752.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.8:C:\Documents and Settings\rhino\Application Data\Mozilla\Firefox\Profiles\o8ckj752.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.9:C:\Documents and Settings\rhino\Application Data\Mozilla\Firefox\Profiles\o8ckj752.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.15:C:\Documents and Settings\rhino\Application Data\Mozilla\Firefox\Profiles\o8ckj752.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.33:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.69:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.55:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.67:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.107:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.108:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.109:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.145:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.46:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.47:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.48:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.49:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.50:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

    _____ REMAINDER of AVG Log is in next post ________

  6. #16
    Member

    Mr Jak,

    Per your request, I am posting:

    - the remainder of the AVG report from my prior post (below), and
    - a fresh HijackThis log, which will follow in the next post.

    Thank you for all your assistance.
    Jay Escalader
    _______________________________

    *remainder of AVG Anti-Spyware Scan Report

    + Created at: 8:02:29 PM 10/25/2006
    + Scan result:
    :mozilla.51:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.52:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.57:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.58:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.59:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.60:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.61:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.116:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.117:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.118:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.119:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.16:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.19:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.113:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.114:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.115:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.64:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.65:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.67:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.70:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.71:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.72:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.73:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.74:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.113:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.114:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.17:C:\Documents and Settings\rhino\Application Data\Mozilla\Firefox\Profiles\o8ckj752.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.85:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.86:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.108:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.147:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.148:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.149:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.150:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.96:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.97:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.98:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.99:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.120:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.122:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.123:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.88:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.89:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.110:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.111:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.73:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.74:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.75:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.76:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.124:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.135:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.136:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.137:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.121:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.146:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.41:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.42:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.43:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.44:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.45:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.46:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.49:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.50:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.51:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.84:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.85:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.86:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.87:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.88:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.89:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.90:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.91:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.107:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.39:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.40:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.152:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.153:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.154:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.155:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.157:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.158:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.110:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.111:C:\Documents and Settings\GUESS WHO\Application Data\Mozilla\Firefox\Profiles\gbevv0qh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.47:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.48:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.52:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.68:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.69:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.70:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.71:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.72:C:\Documents and Settings\CHANCY\Application Data\Mozilla\Firefox\Profiles\tawf13vl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    ::Report end
    _______ next post for HJT LOG ________

  7. #17
    Member

    Mr Jak,

    Per your request, I am posting a fresh HijackThis log.

    This completes the logs you needed to further assist me.
    Thank you for all your assistance.
    Jay Escalader


    My fresh HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 8:22:56 PM, on 10/25/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\LTMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    C:\Program Files\America Online 7.0\aoltray.exe
    C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    C:\Program Files\Labtec Wireless Desktop\OSD.EXE
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (disabled by BHODemon)
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (disabled by BHODemon)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRA~1\BELLSO~1\PropelAC.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [BellSouthSyn] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Synchronize
    O4 - HKLM\..\Run: [BellSouthScheduler] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Scheduler
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Alarm Clock Icon.lnk.disabled
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O4 - Global Startup: Google Updater.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: ymetray.lnk.disabled
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll__BHODemonDisabled (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://usmilitary.about.com
    O15 - Trusted Zone: http://www.la.ngb.army.mil
    O15 - Trusted Zone: http://www.armyonesource.com
    O15 - Trusted Zone: http://home.bellsouth.net
    O15 - Trusted Zone: http://www.juno.com
    O15 - Trusted Zone: www.militaryonesource.com
    O15 - Trusted Zone: http://www.hotmail.msn.com
    O15 - Trusted Zone: groups.msn.com
    O15 - Trusted Zone: www.msnusers.com
    O15 - Trusted Zone: http://vil.nai.com
    O15 - Trusted Zone: *.nextel.com
    O15 - Trusted Zone: http://loginnet.passport.com
    O15 - Trusted Zone: http://*.subratam.org
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccom...ad/tgctlcm.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.3.1.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...29/mcfscan.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  8. #18
    Security Expert-Emeritus

    Hi again, that looks better.

    We still have some work to do. You have an infection which replaces legitimate program files with infected copies, typically moving the originals aside into a backup ("bak") folder. We need to locate those legitimate backups and restore them...

    Please download the following program and save it to your desktop:

    http://noahdfear.geekstogo.com/FindAWF.exe

    Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.

    Also, please run Silent Runners again and post its log here (do the same thing as earlier).

    Then we'll continue
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  9. #19
    Member

    Mr Jak,
    Per your request, I am posting the contents of the AWF report file.

    Also, I will run Silent Runners and post the new log for you in a few.

    Thank you for your guidance to chomp away at these buggers.......
    I appreciate it.

    Jay Escalader

    __________________________________

    Find AWF report by noahdfear ©2006

    21K files found
    ~~~~~~~~~

    21K files found with strings
    ~~~~~~~~~~~~~~~~


    25K files found
    ~~~~~~~~~


    25K files found with strings
    ~~~~~~~~~~~~~~~~


    bak folders found
    ~~~~~~~~~~~

    Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

    02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

    08/17/2004 07:26 PM 245,760 McAgent.exe
    10/25/2004 12:08 PM 184,320 mcupdate.exe
    2 File(s) 430,080 bytes

    Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

    05/06/2005 02:04 AM 180,269 realsched.exe
    1 File(s) 180,269 bytes

    Directory of C:\PROGRA~1\GOOGLE\GOOGLE~3\11720~1.567\BAK

    09/13/2006 10:07 PM 157,944 GoogleToolbarNotifier.exe
    1 File(s) 157,944 bytes

    Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

    04/13/2005 03:48 AM 36,975 jusched.exe
    1 File(s) 36,975 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    245760 Aug 17 2004 "C:\Program Files\McAfee.com\Agent\bak\McAgent.exe"
    184320 Oct 25 2004 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
    36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe"


    end of report

  10. #20
    Member

    Mr Jak,

    Per your request, I am posting a new Silent Runners log, which will be split across 2 postings due to its length.

    Thank you for your guidance. I appreciate it.

    Jay Escalader
    __________________________________________


    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Yahoo! Pager" = ""C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet" [file not found]
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "Acme.PCHButton" = "C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe" ["Motive Communications, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "_AntiSpyware" = "C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe" ["Network Associates, Inc."]
    "dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["VERITAS Software, Inc."]
    "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
    "StorageGuard" = ""C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r" [file not found]
    "Share-to-Web Namespace Daemon" = "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
    "Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
    "Propel Accelerator" = "C:\PROGRA~1\BELLSO~1\PropelAC.exe" [file not found]
    "LTMSG" = "LTMSG.exe 7" ["Agere Systems"]
    "KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
    "IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
    "hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
    "HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
    "HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
    "CamMonitor" = "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [empty string]
    "BJCFD" = "C:\Program Files\BroadJump\Client Foundation\CFD.exe" ["BroadJump, Inc."]
    "BellSouthSyn" = "C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Synchronize" ["BellSouth"]
    "BellSouthScheduler" = "C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Scheduler" ["BellSouth"]
    "VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["Networks Associates Technology, Inc"]
    "VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["Networks Associates Technology, Inc"]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    >{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
    \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
    >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
    \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
    {8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
    \StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
    {94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
    \StubPath = "rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "UberButton Class"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll__BHODemonDisabled" [file not found]
    {65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "YahooTaggedBM Class"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YIeTagBm.dll__BHODemonDisabled" [file not found]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "ST"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "MSNToolBandBHO"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
    -> {HKLM...CLSID} = "DriveLetterAccess"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["VERITAS Software, Inc."]
    "{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "America Online"
    -> {HKLM...CLSID} = "America Online"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\aolshare\shell\us\shellext.dll" ["America Online, Inc."]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
    -> {HKLM...CLSID} = "YMailShellExt Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll" ["Yahoo! Inc."]
    "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}" = "McAfee AntiSpyware Shell Extension"
    -> {HKLM...CLSID} = "McAfee AntiSpyware Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll" ["Network Associates, Inc."]
    "{51550900-DCAC-11d4-AA0F-0080C87C465B}" = "WayTech MultiMouse"
    -> {HKLM...CLSID} = "WayTech MultiMouse Extension"
    \InProcServer32\(Default) = "C:\Program Files\Labtec Wireless Desktop\CPDll.dll" [null data]
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
    \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}" = "McAfee AntiSpyware Shell Extension"
    -> {HKLM...CLSID} = "McAfee AntiSpyware Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll" ["Network Associates, Inc."]
    <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\System\CurrentControlSet\Control\SecurityProviders\
    <<!>> ("zwebauth.dll" [MS]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

    HKLM\System\CurrentControlSet\Control\Session Manager\
    <<!>> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
    <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> application/xhtml+xml\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"
    -> {HKLM...CLSID} = "MathPlayer Mime Filter Class"
    \InProcServer32\(Default) = "C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]
    <<!>> text/xml\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"
    -> {HKLM...CLSID} = "MathPlayer Mime Filter Class"
    \InProcServer32\(Default) = "C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]
    <<!>> text/xml; charset=iso-8859-1\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"
    -> {HKLM...CLSID} = "MathPlayer Mime Filter Class"
    \InProcServer32\(Default) = "C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]
    <<!>> text/xml; charset=utf-8\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"
    -> {HKLM...CLSID} = "MathPlayer Mime Filter Class"
    \InProcServer32\(Default) = "C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
    -> {HKLM...CLSID} = "YMailShellExt Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll" ["Yahoo! Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
    \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
    {Prevent access to registry editing tools}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Owner\My Documents\My Pictures\Gif & jpg pictures\PhotoImpression4.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]

    Startup items in "Owner" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    <<!>> "Adobe Reader Speed Launch.lnk.disabled" [null data]
    <<!>> "Alarm Clock Icon.lnk.disabled" [null data]
    "America Online 7.0 Tray Icon" -> shortcut to: "C:\Program Files\America Online 7.0\aoltray.exe -check" ["America Online, Inc."]
    "Enable Labtec Wireless Desktop" -> shortcut to: "C:\Program Files\Labtec Wireless Desktop\MagicKey.exe" [empty string]
    <<!>> "Google Updater.lnk.disabled" [null data]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
    "Microsoft Works Calendar Reminders" -> shortcut to: "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]
    <<!>> "ymetray.lnk.disabled" [null data]

    Enabled Scheduled Tasks:
    ------------------------

    "Chancy 's School time" -> launches: "C:\Program Files\Alarm\Alarm.exe "Chancy 's School time"" ["Cinnamon Software Inc."]
    "McAfee.com Update Check (FAMILY-CHANCY)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
    "McAfee.com Update Check (FAMILY-GUESS WHO)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
    "McAfee.com Update Check (FAMILY-Hanson2)" -> launches: "C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe /Schedule" [file not found]
    "McAfee.com Update Check (FAMILY-Owner)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
    "McAfee.com Update Check (FAMILY-rhino)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
    "Yahoo" -> launches: "C:\Program Files\Alarm\Alarm.exe Yahoo" ["Cinnamon Software Inc."]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
    -> {HKLM...CLSID} = "MSN"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = (no title provided)
    -> {HKLM...CLSID} = "hp toolkit"
    \InProcServer32\(Default) = "C:\HP\EXPLOREBAR\HPTOOLKT.DLL" ["Hewlett-Packard Company"]
    "{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
    -> {HKLM...CLSID} = "McAfee VirusScan"
    \InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["Networks Associates Technology, Inc"]
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
    -> {HKLM...CLSID} = "MSN"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll" [MS]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "&Yahoo! Messenger"
    \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" [file not found]

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "&Yahoo! Messenger"
    \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" [file not found]
    {8F4902B6-6C04-4ADE-8052-AA58578A21BD}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "hp toolkit"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\(Default) = "hp toolkit"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\HP\EXPLOREBAR\HPTOOLKT.DLL" ["Hewlett-Packard Company"]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
    "ButtonText" = "Yahoo! Services"
    "CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
    -> {HKLM...CLSID} = "UberButton Class"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll__BHODemonDisabled" [file not found]

    {AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
    "ButtonText" = "AIM"
    "Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

    {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF}\
    "ButtonText" = "Messenger"
    "Exec" = "C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe" ["BellSouth"]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]
