WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hijack Scan

Started by cracked_up , Mar 08 2007 12:49 PM

This topic is locked

13 replies to this topic

#1 cracked_up

New Member

New Member
6 posts

Posted 08 March 2007 - 12:49 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:31:05 PM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\windows\system32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\HPHipm11.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Jim\Desktop\HijackThis.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHmon04] C:\windows\system32\hphmon04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172714081065
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0244171172703138) (0244171172703138mcinstcleanup) - Unknown owner - C:\DOCUME~1\Jim\LOCALS~1\Temp\024417~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\windows\system32\HPHipm11.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

Advertisements

Register to Remove

#2 beynac

Silver Member

Visiting Fellow
459 posts

Posted 09 March 2007 - 09:05 AM

Hi cracked_up.

Welcome to TomCoyote forums.

I see that you are running HijackThis from your desktop. We need to put it in its own folder so that we can keep any backups safe.

Click on Start then My Computer
Double-click on your Local Disk (usually C)
Right-click on the space on the right hand side and select New then Folder
Rename the folder HJT
Move HijackThis from your desktop into this folder.
Create a shortcut on your desktop for HijackThis.exe

------------------------------------------------------------

F-Secure BlackLight

There is an item in your log that makes me think that there may be some hidden malware. I would like to check this before we go any further. This program will show us hidden files and processes.

Please download F-Secure Blacklight (blbeta.exe) from here.

Click I ACCEPT and download the graphical user interface version to your Desktop
Double click the file to run it, choose I accept the agreement then click Scan
It will create a log on your desktop (fsbl-date/time.log).
If it finds anything, do not rename any. Legitimate items can also be present.
Exit Blacklight

Please post the contents of the log as a reply to this thread, together with a new HijackTHis log.

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#3 cracked_up

New Member

New Member
6 posts

Posted 10 March 2007 - 12:08 PM

Blacklight scan 3/10[/u]

03/10/07 12:40:37 [Info]: BlackLight Engine 1.0.55 initialized
03/10/07 12:40:37 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/10/07 12:40:38 [Note]: 7019 4
03/10/07 12:40:38 [Note]: 7005 0
03/10/07 12:40:43 [Note]: 7006 0
03/10/07 12:40:44 [Note]: 7011 1904
03/10/07 12:40:44 [Note]: 7026 0
03/10/07 12:40:44 [Note]: 7026 0
03/10/07 12:41:27 [Note]: FSRAW library version 1.7.1021
03/10/07 13:02:51 [Note]: 7007 0

Hijack scan 3/10[u]
Logfile of HijackThis v1.99.1
Scan saved at 1:04:41 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
C:\windows\system32\hphmon04.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\HPHipm11.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHmon04] C:\windows\system32\hphmon04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172714081065
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0244171172703138) (0244171172703138mcinstcleanup) - Unknown owner - C:\DOCUME~1\Jim\LOCALS~1\Temp\024417~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\windows\system32\HPHipm11.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

#4 beynac

Silver Member

Visiting Fellow
459 posts

Posted 10 March 2007 - 03:55 PM

Well, luckily for you, my theory was wrong!

The Blacklight scan didn't find any hidden files. There doesn't seem to be much wrong. Let's get it cleaned up.

------------------------------------------------------------------

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6.

Go to http://java.sun.com/...loads/index.jsp
Click on the link named Java Runtime Environment (JRE) 6
Click on the radio button to Accept License Agreement
Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
Go to Start => Control Panel => Add or Remove Programs
Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
Reboot your computer
Delete the folder C:\Program Files\Java if present
Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
Reboot your computer

---------------------------------------------------------------

Windows Defender:

This is a good program but we need to disable it as it may interfere with our fix.

Open Windows Defender
Click Tools => General Settings
Scroll down and uncheck Turn on real-time protection (recommended).
Click Save
Close Windows Defender

Don't forget to re-enable it when we have finished.

----------------------------------------------------------------

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0244171172703138) (0244171172703138mcinstcleanup) - Unknown owner - C:\DOCUME~1\Jim\LOCALS~1\Temp\024417~1.EXE (file missing)

Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

Reboot the computer.

----------------------------------------------------------------

ATF Cleaner by Atribune ©

Download ATF Cleaner by Atribune © from here : http://www.atribune..../click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.

Make sure that all browser windows are closed
Double-click the shortcut on your desktop to run the program.
Under Main, choose Select All
Untick Prefetch
Click Empty Selected
If you use Firefox browser,
- Click Firefox at the top and choose Select All
- Click on Empty Selected
- NOTE: If you would like to keep any saved passwords, please untick that option.
Click Exit to close.
If you use Opera browser,
- Click Opera at the top and choose Select All
- Click on Empty Selected
- NOTE: If you would like to keep any saved passwords, please untick that option.
Click Exit to close.

--------------------------------------------------------------

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:

Click the Update icon at the top and under Manual Update click the Start update button.
The program will either update or inform you that no update was available.

You will need to change the following settings:

Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
Click the Update icon and untick the automatic update option.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act? - make sure that Quarantine is selected.
Under How to scan? - All checkboxes should be ticked.
Under Possibly unwanted software - All checkboxes should be ticked.
Under Reports - Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan? - Select Scan every file.

You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.

Restart your computer.
Continually tap the F8 button as your computer is booting (a menu appears).
Use up-arrow key to select Safe Mode and press Enter.

------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier

Click on Scanner on the toolbar.
Click on Complete System Scan to start the scan process.
Let the program scan your computer.
When the scan has finished, follow the instructions below:
- Make sure that Set all elements to: shows Quarantine
- Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
- When the program has finished, it will display the message All actions have been applied.
- Then click the Save Scan Report button.
- Click the Save Report as button.
- Save the report to your Desktop.
Right-click the AVG Tray Icon and select Exit.

-----------------------------------------------------------------

Reboot in Normal Mode.

-----------------------------------------------------------------

Please post, as a reply to this thread:

The AVG Anti-Spyware report
A new HijackThis log

How is your computer running? Are you having any particular problems?

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#5 cracked_up

New Member

New Member
6 posts

Posted 11 March 2007 - 09:07 AM

My computer seems to be running slow, seems to take a very long time to open up applications ie;Mozilla Thunderbird and Firefox, and Firefox seems to crash more then it should.

I could not get hijack to fix this file - O23 - Service: McAfee Application Installer Cleanup (0244171172703138) (0244171172703138mcinstcleanup) - Unknown owner - C:\DOCUME~1\Jim\LOCALS~1\Temp\024417~1.EXE (file missing)

Logfile of HijackThis v1.99.1
Scan saved at 10:48:17 AM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
C:\windows\system32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\windows\system32\HPHipm11.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHmon04] C:\windows\system32\hphmon04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172714081065
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0244171172703138) (0244171172703138mcinstcleanup) - Unknown owner - C:\DOCUME~1\Jim\LOCALS~1\Temp\024417~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\windows\system32\HPHipm11.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:42:46 AM 3/11/2007

+ Scan result:

:mozilla.203:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.210:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.226:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.372:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.373:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.244:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.245:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.31:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.35:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.401:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.181:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.182:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.183:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.184:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.185:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.191:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.20:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Pam\2ri239pi.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.100:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.36:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.346:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.260:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.251:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.252:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.253:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.254:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.91:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.92:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.93:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.94:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.95:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.96:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.97:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.98:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.99:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.175:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.96:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.14:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.17:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Pam\2ri239pi.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.90:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.375:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.385:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.386:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.387:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.388:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.55:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.56:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.58:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.60:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.10:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.11:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.13:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.13:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Pam\2ri239pi.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.14:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Pam\2ri239pi.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.273:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.274:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.282:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.344:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.411:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.412:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.413:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.423:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.424:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.425:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.85:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.86:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.87:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Pam\2ri239pi.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.26:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.29:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.32:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.33:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.34:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.333:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.334:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.430:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.431:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.37:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.38:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.136:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.150:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.151:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.152:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.153:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.234:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.235:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.25:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Pam\2ri239pi.slt\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.26:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Pam\2ri239pi.slt\cookies.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Jim\Cookies\jim@real[1].txt -> TrackingCookie.Real : Cleaned.
:mozilla.115:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.118:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.119:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.124:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.137:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.138:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.139:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.140:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.141:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.48:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.49:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.50:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.51:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.52:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.194:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.195:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.196:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.197:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.198:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.199:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.200:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.326:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.328:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.186:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.187:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.188:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.189:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.190:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.192:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.193:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.44:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.45:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.46:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.47:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.325:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.22:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.23:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.24:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.25:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.26:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.27:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.28:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.294:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.295:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.296:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.297:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.298:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.299:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.300:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.301:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.169:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.40:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.41:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.42:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.43:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\Jim\26cd3nxq.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.284:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.67:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.74:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.75:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.76:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.204:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.205:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.206:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.207:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.208:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.

::Report end

#6 beynac

Silver Member

Visiting Fellow
459 posts

Posted 11 March 2007 - 11:30 AM

Hi cracked_up.

The HijackThis log appears to be clean and the AVG Anti-Spyware scan only found tracking cookies. I'm a bit concerned that there were so many as I expected ATF Cleaner to have already removed these. Did you have all other windows closed when you ran ATF Cleaner? I think that it would be a good idea to run it again, as removing all of the rubbish can speed up the computer. I can't see much else that could slow your computer significantly, except for McAfee. These programs can use a lot of system resources.

Have you got the latest versions of Thunderbird (1.5.0.10) and Firefox (2.0.0.2) installed? If not, I suggest that you download them from here and here and then install them.

The HiajckThis line which you were unable to fix isn't bad, it's just superfluous. We'll try a different approach. So, let's get started.

------------------------------------------------------

ATF Cleaner by Atribune ©

Make sure that all browser windows are closed
Double-click the shortcut on your desktop to run the program.
Under Main, choose Select All
Untick Prefetch
Click Empty Selected
If you use Firefox browser,
- Click Firefox at the top and choose Select All
- Click on Empty Selected
- NOTE: If you would like to keep any saved passwords, please untick that option.
Click Exit to close.
If you use Opera browser,
- Click Opera at the top and choose Select All
- Click on Empty Selected
- NOTE: If you would like to keep any saved passwords, please untick that option.
Click Exit to close.

------------------------------------------------

Select the contents of the Code Box below, right-click and copy it, then paste into Notepad.

@echo off
sc stop 0244171172703138mcinstcleanup
sc delete 0244171172703138mcinstcleanup
del beynac.bat
exit

Still in Notepad, go to Format (upper menu bar) and untick Word Wrap
Go to File (upper menu bar), and select: Save as
In the Save as prompt:
Save in: Desktop
File Name: beynac.bat
Save as Type: All files
Click: Save
Exit out of Notepad.

On the Desktop, double-click on beynac.bat. A window will open and close - this is normal.

----------------------------------------------------

Kaspersky Online Scanner

As you are still having problems, I would like you to run an online scan.

Using Internet Explorer, go to: http://www.kaspersky.com/virusscanner

Click on Kaspersky Online Scanner
Click the Accept button
Follow the prompts to download and install the ActiveX component(s) and other software
- If a yellow information bar appears at the top of the browser window, click on it and select Install ActiveX Control
- If a message box appears, click on OK or Run as appropriate
Click Accept again (see the note below if using IE7)
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click 'Next'.
Now click on 'Scan Settings'
In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
- Scan Options: 'Scan Archives' and 'Scan Mail Bases'
Click 'OK'
Now under 'Select a target to scan' select 'My Computer'
The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
Now click on the Save as... button:
Save the report to your desktop (Save as type: Text document (txt))

Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

----------------------------------------------------

Please post:

The Kaspersky report
A new HijackThis log

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#7 cracked_up

New Member

New Member
6 posts

Posted 12 March 2007 - 05:55 AM

I did have everything closed, and ran it twice to be sure it did the job. I have the latest versions of Thunderbird and Firefox. It takes an extended period of time for them to open up, ~20 sec compared to a couple previously.

Logfile of HijackThis v1.99.1
Scan saved at 7:43:06 AM, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
C:\windows\system32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\HPHipm11.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\trueplay.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHmon04] C:\windows\system32\hphmon04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172714081065
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\windows\system32\HPHipm11.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

This is a partial report, had too many charecters in the report to post, so I removed some. If I need to post as an attachment let me know. Thank you.

KASPERSKY ONLINE SCANNER REPORT
Monday, March 12, 2007 7:35:34 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/03/2007
Kaspersky Anti-Virus database records: 280516
-Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 72473
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 04:30:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a41ba088b3fda54d054465c6750b605b_f04a9fa2-6c1d-4da9-9ec6-2d1008e739e5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12102006-160126.log Object is locked skipped
C:\Documents and Settings\Jim\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Messenger\skirpj@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Messenger\skirpj@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Messenger\skirpj@hotmail.com\SharingMetadata\Working\database_D8F0_5C01_F05B_E3F2\dfsr.db Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Messenger\skirpj@hotmail.com\SharingMetadata\Working\database_D8F0_5C01_F05B_E3F2\fsr.log Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Messenger\skirpj@hotmail.com\SharingMetadata\Working\database_D8F0_5C01_F05B_E3F2\tmp.edb Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows Live Contacts\skirpj@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Windows Live Contacts\skirpj@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\bj1qxb5t.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temp\~DFC9C9.tmp Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temp\~DFCA00.tmp Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temp\~DFE9AA.tmp Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temp\~DFEA09.tmp Object is locked skipped
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jim\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\0\0201D20472 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\0\0201D28368 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\0\0201E068C0 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\0\020256406A Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\0\2B000002E0 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\0\2B00000AC8 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\1\0201E068C0 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\1\020256406A Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\1\17700429C7D16EBAA033513DD4D98340 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\1\2B00000AC8 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\1\3C8BF1702A583FAB561245D6D4D7C7DD Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\1024\0201E05FD0 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\1024\2B000001E4 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\3\0201D23F04 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\bart\3\2B00000C2B Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\users\pbyer1161\buddyicon Object is locked skipped
C:\Documents and Settings\Pam\Application Data\acccore\caches\users\pbyer1161\feedbag Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\gateway.err Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\organizer70\favorites.frm Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\organizer70\favorites.MYD Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\organizer70\favorites.MYI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\organizer70\files.frm Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\organizer70\files.MYD Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\organizer70\files.MYI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\organizer70\folders.frm Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\organizer70\folders.MYD Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\organizer70\folders.MYI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\Preferences\AcrobatColorSettings.csf Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\Preferences\WebCaptr.prefs Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\Distiller 7\Cache\AdobeFnt01.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\Distiller 7\Cache\AdobeFnt03.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\Distiller 7\Cache\AdobeFnt04.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\Distiller 7\Cache\AdobeFnt07.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\Distiller 7\Cache\AdobeFnt09.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\Distiller 7\Cache\AdobeFntSys.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\Distiller 7\Cache\PSHFList1 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\Distiller 7\messages.log Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\PDFMaker 7\Cache\AdobeFnt00.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\PDFMaker 7\Cache\AdobeFnt01.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\PDFMaker 7\Cache\AdobeFnt02.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\PDFMaker 7\Cache\AdobeFnt03.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Adobe\Acrobat\PDFMaker 7\Cache\AdobeFntSys.lst Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Bitdefender\Desktop\Profiles\aconf.tsi Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Bitdefender\Desktop\Profiles\antispam.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Bitdefender\Desktop\Profiles\bdmcon.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Bitdefender\Desktop\Profiles\tasks.xml Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Bitdefender\Desktop\Profiles\task_context.xml Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\Pen.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\photopnt.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\pntbars.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\PNTBRBR.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\PNTBRBR.MSK Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\PNTBRCL.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\PNTBREF.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\pntdcks.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\pntdef.sck Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\pntmenu.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\PNTNIB.MSK Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\pntnib.nib Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\pntrols.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\pntsbar.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\Proset.msk Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®\Proset.nib Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\Adobe® PhotoShop®.CW_ Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\Pen.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\photopnt.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\pntbars.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\PNTBRBR.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\PNTBRBR.MSK Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\PNTBRCL.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\PNTBREF.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\pntdcks.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\pntdef.sck Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\pntmenu.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\PNTNIB.MSK Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\pntnib.nib Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\pntrols.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\pntsbar.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\Proset.msk Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\Proset.nib Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7\ScriptMgr.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 7.CW_ Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\Pen.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\photopnt.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\pntbars.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\PNTBRBR.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\PNTBRBR.MSK Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\PNTBRCL.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\PNTBREF.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\pntdcks.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\pntmenu.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\PNTNIB.MSK Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\pntnib.nib Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\pntrols.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\pntsbar.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\prnbars.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\prnsbar.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\Proset.msk Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\Proset.nib Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA\ScriptMgr.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\PHOTOPAINT 8 VGA.CW_ Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\Pen.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\photopnt.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\pntbars.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\PNTBRBR.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\PNTBRBR.MSK Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\PNTBRCL.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\PNTBREF.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\pntdcks.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\pntmenu.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\PNTNIB.MSK Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\pntnib.nib Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\pntrols.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\pntsbar.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\prnbars.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\prnsbar.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\Proset.msk Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\Proset.nib Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default\ScriptMgr.cfg Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Corel\CorelDRAW8\PhotoPnt8\_default.CW_ Object is locked skipped
C:\Documents and Settings\Pam\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken\Config\QUSER.INI Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken\Config\QW.CFG Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken\Config\WPR.DAT Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken\Data\intuprof.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken\Data\QW.RMD Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken\Log\CONNLOG.TXT Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken\Log\qw.log Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken Rental Property Manager\Config\rpmUser.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken Rental Property Manager\Config\WPR.DAT Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Intuit\Quicken Rental Property Manager\Log\dbc.log Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Logitech\SetPoint\user.xml Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\amazon.com\HealthBillboard_Main.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\amazon.com\images\G\16\00\00\00\33\95\30\33953021._V41670722_.swf\tgtvictoriahagan.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\amazon.com\images\G\16\00\00\00\39\66\92\39669285._V38831279_.swf\userInfo.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\design.hgtv.com\bath\playerWithLC.swf\Instream.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\homedepot.shoplocal.com\global308683.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\jcpenney.shoplocal.com\global319224.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\kdka.com\CBS_vindex_favorites.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\lnts.shoplocal.com\global316149.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\lnts.shoplocal.com\global326752.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\localhost\core.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\lowes.shoplocal.com\global308980.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\richfx.com.edgesuite.net\catalog_walmart\mayvogue_2006\loader.swf\shoppingCart.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\scene7.com\is-viewers\flash\genericbrochure.swf\#AnnTaylorLoft\October06Mailer_init.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\scene7.com\is-viewers\flash\genericbrochure.swf\#RedcatsUSA\lnr%5F06%5Fwo%5Fclear1_init.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\scene7.com\is-viewers\flash\genericzoom.swf\#LillianVernon\037281_init.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\scene7.com\s7_AnnTaylorLoft.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\scene7.com\s7_gsicommerce.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\scene7.com\s7_LillianVernon.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\scene7.com\s7_RedcatsUSA.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\static.userplane.com\presence\presence.swf\presence_1.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\video.nbcuni.com\embed\1_1-1\embedded.swf\nbcuvp.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\www.comcast.net\swf\common\app\fan\fan.swf\Lightningcast.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\www.comcast.net\swf\fan\fan.swf\Lightningcast.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\www.comcast.net\swf\fan\fan.swf\___comcastanon___.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\www.lighttounite.org\LightToUnite_2006.swf\LightToUnite.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\www.nbc.com\snl_fav_data.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\www.youtube.com\soundData.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\TJUFCER9\youtube.com\soundData.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#amazon.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#design.hgtv.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#homedepot.shoplocal.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#jcpenney.shoplocal.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#kdka.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lnts.shoplocal.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lowes.shoplocal.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#richfx.com.edgesuite.net\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#scene7.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.userplane.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.nbcuni.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.comcast.net\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.lighttounite.org\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.nbc.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#youtube.com\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Address Book\Pam.wab Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Address Book\Pam.wab~ Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\71644221AC231DBD2359C18EBB2118DC Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\B2F4B1D39F0694C6CDB433BC3CCF1418 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\C571B417AAF1F617555A0486AB3F5361 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\71644221AC231DBD2359C18EBB2118DC Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\B2F4B1D39F0694C6CDB433BC3CCF1418 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\C571B417AAF1F617555A0486AB3F5361 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1547161642-1078145449-839522115-1005\146482325737612d5fbcd71839d49d49_f04a9fa2-6c1d-4da9-9ec6-2d1008e739e5 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1547161642-1078145449-839522115-1005\a077ead69703e3bf1fd373a3c9376faa_f04a9fa2-6c1d-4da9-9ec6-2d1008e739e5 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1547161642-1078145449-839522115-1005\e469173fe6ce88ac396c24bd6b57723c_f04a9fa2-6c1d-4da9-9ec6-2d1008e739e5 Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Excel\Excel11.xlb Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\Media Player\09B6F5AE.wpl Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\0\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\0\sqmnoopt00.sqm Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1770808120\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1770808120\sqmnoopt00.sqm Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1793408275\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1793408275\Backgrounds\TFR49.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1793408275\Backgrounds\TFR4A.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1793408275\Backgrounds\TFR4B.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1793408275\Backgrounds\TFR4C.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1793408275\Backgrounds\TFR4D.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1793408275\Backgrounds\TFR57.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1793408275\Backgrounds\TFR58.dat Object is locked skipped
C:\Documents and Settings\Pam\Application Data\Microsoft\MSN Messenger\1793408275\Backgrounds\TFR59.dat Object is locked skipped
C:\Documents and Settings\Pam\Appl

#8 beynac

Silver Member

Visiting Fellow
459 posts

Posted 12 March 2007 - 07:12 AM

I haven't had the chance to go through the logs thoroughly yet, but I notice that the McAfee programs are not showing in your latest HijackThis log. Have you uninstalled it? If so, you have left your computer unprotected. It is vital that you either re-install at least the McAfee antivirus and firewall immediately or install a different antivirus program and firewall. If you don't wish to use McAfee, I can recommend some good alternatives.

Please let me know, as a matter of urgency, if you didn't uninstall McAfee.

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#9 beynac

Silver Member

Visiting Fellow
459 posts

Posted 12 March 2007 - 08:57 AM

I will repeat my previous post, so that it doesn't get missed:

I haven't had the chance to go through the logs thoroughly yet, but I notice that the McAfee programs are not showing in your latest HijackThis log. Have you uninstalled it? If so, you have left your computer unprotected. It is vital that you either re-install at least the McAfee antivirus and firewall immediately or install a different antivirus program and firewall. If you don't wish to use McAfee, I can recommend some good alternatives.

Please let me know, as a matter of urgency, if you didn't uninstall McAfee.

The logs are clean. I don't think that I need to see the rest of the Kaspersky log as the summary says that it didn't find any infected or suspicious objects. I don't see that your problems with Firefox and Thunderbird can be malware-related. I have found some links that may help.

Firefox

A lot of speed problems seem to be connected with extensions and add-ons. Do you use many extensions? Are they all compatible with the latest version of Firefox? Do you use the User Agent Switcher extension. If so, try uninstalling and re-installing it: "Start Firefox in safe mode, uninstall the User Agent Switcher extension, and restart Firefox. You may now install the extension again without it hanging".

Have a look at this link for more information.

Thunderbird

Do you regularly compact folders for all users on a regular basis? Failure to do this seems to be the main reason for Thunderbird being slow to open. See this link for further information.

-------------------------------------------------------------

Please sort out the antivirus and firewall question and post a new HijackThis log. Please let me know if the above information has helped to speed up Firefox and Thunderbird.

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#10 beynac

Silver Member

Visiting Fellow
459 posts

Posted 17 March 2007 - 04:46 AM

Hi. It's been a few days since I posted. Please let me know whether you still want our help with this.

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#11 cracked_up

New Member

New Member
6 posts

Posted 17 March 2007 - 05:38 PM

Sorry I haven't posted sooner, working long hours. Thank you for all the help also. Now, the latest.

I do not believe I use any extensions or the user agent switcher. I do regularly compact folders for all users on a regular basis. I have two users and each logs in through a different user through XP. I did uninstall the McAfee, and am now trying AVAST anti-virus, wanted to see if that would help the speed at all and it is still the same. Maybe I should just do a fresh load of xp and my other programs?

Hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 7:32:50 PM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\HPHipm11.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
C:\windows\system32\hphmon04.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140065193\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHmon04] C:\windows\system32\hphmon04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172714081065
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\windows\system32\HPHipm11.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

#12 cracked_up

New Member

New Member
6 posts

Posted 17 March 2007 - 05:44 PM

I have just deleted all the .msf files, and Thunderbird and Firefox seem to be loading faster. Please let me know if there is anything else I need to do. Thank you for all the help and patience.

#13 beynac

Silver Member

Visiting Fellow
459 posts

Posted 18 March 2007 - 08:41 AM

I'm pleased that things have speeded up a bit. I don't know of anything else that could help. You could try a defrag maybe.

I note that you are trying out Avast, but I cannot see any sign that you are using a firewall. Are you using Windows XP Firewall? If not, I suggest that you switch it on immediately. Windows XP Firewall is better than nothing, but it only protects against incoming traffic. It doesn't protect you against outgoing baddies trying to "phone home". I strongly suggest that you use one of the third-party ones. Sunbelt Kerio and Zone Alarm are both good and have a free version. I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can greatly lower your risk.

Only ever have one real-time antivirus program and one firewall running. If you want to re-install McAfee, you will need to uninstall Avast first.

Please let me know if you have any other questions.

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#14 beynac

Silver Member

Visiting Fellow
459 posts

Posted 20 March 2007 - 07:37 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

Body Background

skin color theme