Trouble with multiple trojans. Please Help

Comments

• Trogan London, UK

  May 2006 edited May 2006

  Hi vestige, welcome to Short-Media!
  
  Can you do the following please. You may want to save or print these instructions out as you'll have no internet connection later on.
  
  ================================================================
  
  Go into Add/Remove programs and uninstall the following, if found:
  
  MediaPipe
  
  ================================================================
  
  Download Ewido Anti-Malware
  

  • Install Ewido
  • When installing the program, under "Additonal Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Once installed, open Ewido
  • You will need to update Ewido to the latest definition files
    • On the left hand side of the main screen click update.
    • Then click on the Start Update button.
  • The update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, you can manually update Ewido » Ewido manual updates.
  • After it has finished, close Ewido.

  ================================================================
  
  Please disable Windows Defender as it may interfere with the fix:
  
  Windows Defender
  1) Open Windows Defender.
  2) Click on Tools > General Settings.
  3) Scroll Down and Uncheck Turn on real-time Protection (recommended).
  4) After you uncheck these, click on the Save button and close Windows Defender.
  5) Right click on the Windows Defender icon on the taskbar and select Shutdown Windows Defender.
  
  Once we have finished, you can enable Windows Defender.
  
  ================================================================
  
  Open HijackThis
  - Click the Do a system scan only button
  - Check the following entries (below)
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
  
  R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
  
  - Close ALL open windows (especially Internet Explorer!)
  Click Fix Checked
  
  ================================================================
  
  Next, please reboot your computer in Safe Mode by doing the following:
  1) Restart your computer
  2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3) Instead of Windows loading as normal, a menu should appear
  4) Select the first option, to run Windows in Safe Mode.
  
  For additional help in booting into Safe Mode, see the following site:
  http://www.pchell.com/support/safemode.shtml
  
  ================================================================
  
  Once in Safe Mode, do the following:
  
  We need to view hidden files and folders:
  

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

  
  ================================================================
  
  Find and Delete the following:
  
  C:\Program Files\MediaPipe << this folder
  
  ================================================================
  
  Please open Ewido.

  • Click on scanner
  • Click Complete System Scan. (Please don't use the computer while Ewido is scanning)
  • NOTE: During some scans with Ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If Ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop

  Close Ewido
  
  Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

  0
• vestige

  May 2006 edited May 2006

  Hi Trogan_1000
  Let me start by thanking you for your help.Learning about your forum has
  been very important to me.I'd certainly be lost without your help.After a few
  hiccups,I think that I've been able to follow your instructions.
  So here's the Ewido scan and the newest HJT scan:
  

  ---

  ewido anti-malware - Scan report

  ---

  
  + Created on: 11:37:42 AM, 5/8/2006
  + Report-Checksum: 1DDA55FC
  
  + Scan result:
  
  [2192] C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup
  C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@ad.yieldmanager[1].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
  C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@ehg-dig.hitbox[2].txt[/email] -> TrackingCookie.Hitbox : Cleaned with backup
  :mozilla.9:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
  :mozilla.10:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.11:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.12:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.13:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.14:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.15:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.16:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.17:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.18:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.19:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.20:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.21:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.22:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.23:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.24:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.25:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.26:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.27:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.28:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.29:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.30:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.31:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.43:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
  :mozilla.44:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
  :mozilla.45:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
  :mozilla.46:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
  :mozilla.47:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
  :mozilla.48:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
  :mozilla.49:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
  :mozilla.52:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.54:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
  :mozilla.55:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
  :mozilla.74:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
  :mozilla.83:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
  :mozilla.84:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.92:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.125:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
  :mozilla.126:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
  :mozilla.127:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
  :mozilla.128:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
  :mozilla.129:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
  :mozilla.134:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.192:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.227:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
  :mozilla.232:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
  :mozilla.233:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
  :mozilla.234:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
  :mozilla.235:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
  :mozilla.261:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
  :mozilla.262:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
  :mozilla.263:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
  :mozilla.264:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
  :mozilla.278:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.291:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
  :mozilla.292:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
  :mozilla.293:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
  :mozilla.296:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.298:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
  :mozilla.299:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
  :mozilla.300:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
  :mozilla.301:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
  :mozilla.302:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
  :mozilla.305:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
  :mozilla.313:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
  :mozilla.314:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
  :mozilla.315:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
  :mozilla.390:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
  :mozilla.475:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
  :mozilla.652:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
  :mozilla.653:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
  :mozilla.710:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
  :mozilla.714:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
  :mozilla.715:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
  :mozilla.716:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
  :mozilla.717:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
  :mozilla.718:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
  :mozilla.725:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
  :mozilla.726:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
  :mozilla.727:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
  :mozilla.740:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
  :mozilla.741:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
  :mozilla.757:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
  :mozilla.758:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
  :mozilla.759:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
  :mozilla.760:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
  :mozilla.800:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
  :mozilla.809:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
  C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@ad.yieldmanager[1].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
  C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@com[1].txt[/email] -> TrackingCookie.Com : Cleaned with backup
  C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@statcounter[2].txt[/email] -> TrackingCookie.Statcounter : Cleaned with backup
  C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@tacoda[2].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
  C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@www.myaffiliateprogram[2].txt[/email] -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
  C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@buycom.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
  C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@data3.perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned with backup
  C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@data4.perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned with backup
  C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@e-2dj6wfk4kodpggp.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
  C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
  C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@web-stat[2].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
  C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@www.burstbeacon[2].txt[/email] -> TrackingCookie.Burstbeacon : Cleaned with backup
  C:\Downloads\ElfBowling_bocce_styleSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
  C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq111.tmp -> TrackingCookie.Zedo : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq112.tmp -> TrackingCookie.Clickbank : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12A.tmp -> TrackingCookie.247realmedia : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq136.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.Doubleclick : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17E.tmp -> TrackingCookie.Falkag : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq180.tmp -> TrackingCookie.Statcounter : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> TrackingCookie.Trafficmp : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq192.tmp -> TrackingCookie.247realmedia : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Adserver : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A7.tmp -> TrackingCookie.Serving-sys : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A9.tmp -> TrackingCookie.Serving-sys : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp -> TrackingCookie.Adserver : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrackingCookie.Hitbox : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrackingCookie.Hitbox : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> TrackingCookie.Onestat : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> TrackingCookie.Com : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> TrackingCookie.Atdmt : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> TrackingCookie.Counted : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp -> TrackingCookie.2o7 : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> TrackingCookie.Advertising : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Atdmt : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> TrackingCookie.Hitbox : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> TrackingCookie.Advertising : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> TrackingCookie.Zedo : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Advertising : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> TrackingCookie.Hypertracker : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Realtracker : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Burstnet : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Bluestreak : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Serving-sys : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> TrackingCookie.Advertising : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> TrackingCookie.Hitbox : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp -> TrackingCookie.Com : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> TrackingCookie.Revenue : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> TrackingCookie.2o7 : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> TrackingCookie.Bluestreak : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB5.tmp -> TrackingCookie.Centrport : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp -> TrackingCookie.Mediaplex : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD7.tmp -> TrackingCookie.Tradedoubler : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB.tmp -> TrackingCookie.Qksrv : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDC.tmp -> TrackingCookie.Revenue : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE1.tmp -> TrackingCookie.Falkag : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE3.tmp -> TrackingCookie.Valueclick : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE6.tmp -> TrackingCookie.Centrport : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE7.tmp -> TrackingCookie.Ru4 : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE8.tmp -> TrackingCookie.Statcounter : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE9.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEC.tmp -> TrackingCookie.Ru4 : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqED.tmp -> TrackingCookie.Trafficmp : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF5.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFA.tmp -> TrackingCookie.Burstnet : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFB.tmp -> TrackingCookie.Valuead : Cleaned with backup
  C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFC.tmp -> TrackingCookie.Valueclick : Cleaned with backup
  C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
  
  
  ::Report End
  
  
  Logfile of HijackThis v1.99.1
  Scan saved at 11:46:04 AM, on 5/8/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\ewido anti-malware\ewidoctrl.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\svchost.exe
  C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
  C:\Program Files\McAfee.com\VSO\oasclnt.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\Program Files\ESPNRunTime\DIGServices.exe
  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Dell Support\DSAgnt.exe
  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\Program Files\Hijackthis\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
  O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
  O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /startup
  O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
  O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
  O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
  O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
  O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
  O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
  O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
  O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
  O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
  O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
  O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
  O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
  O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
  O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
  O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
  
  
  I hope that this will help solve my problem.I can't imagine the amount of
  troubles on these scans,they do seem to be quite thorough.
  I do however hope that I didn't delete anything that I shouldn't have.
  
  I read some of your other material on this site,and I think that I engaged all
  of this stuff when I clicked on an ActiveX prompt.Lesson learned.
  
  thanks :smiles: with regards, vestige

  0
• Trogan London, UK

  May 2006 edited May 2006

  Next step is to run this online scan please:
  
  Panda ActiveScan
  
  - Once you are on the Panda site, click the Scan your PC button
  - A new window will open...click the Check Now button
  - Enter your Country
  - Enter your State/Province
  - Enter your e-mail address and click send
  - Select either Home User or Company
  - Click the big Scan Now button
  - If it wants to install an ActiveX component allow it
  - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  - When download is complete, click on Local Disks to start the scan
  - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  
  Post the contents of the Panda scan report, along with a new HijackThis Log
  
  
  I also need to see a different type of log from Hijackthis
  

  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your in your next post.

  0
• vestige

  May 2006 edited May 2006

  Hello again,
  Here's the Panda Scan,the latest HJT log,and the uninstall list from HJT.
  These are the three elements that are now required,as I understand it.
  Thanks for all of your help!
  
  
  
  Incident Status Location
  
  Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@atwola[1].txt[/email]
  Spyware:Cookie/Go Not disinfected C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@go[1].txt[/email]
  Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@webpower[1].txt[/email]
  Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt[.realmedia.com/]
  Spyware:Cookie/Go Not disinfected C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@go[2].txt[/email]
  Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@realmedia[1].txt[/email]
  
  Logfile of HijackThis v1.99.1
  Scan saved at 8:04:18 AM, on 5/9/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\ewido anti-malware\ewidoctrl.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
  C:\Program Files\McAfee.com\VSO\oasclnt.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\Program Files\ESPNRunTime\DIGServices.exe
  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Dell Support\DSAgnt.exe
  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\dlbtcoms.exe
  C:\Program Files\Hijackthis\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
  O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
  O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /startup
  O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
  O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
  O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
  O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
  O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
  O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
  O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
  O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
  O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
  O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
  O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
  O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
  O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
  O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
  O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
  
  
  
  ABBYY FineReader 5.0 Sprint Plus
  Ad-Aware SE Personal
  Adobe Download Manager 2.0 (Remove Only)
  Adobe Photoshop Album 2.0 Starter Edition
  Adobe Reader 7.0.7
  America Online (Choose which version to remove)
  AOL Toolbar
  Banctec Service Agreement
  CardPlayer Poker
  Cue Master(TM) Gold
  Dell Digital Jukebox Driver
  Dell Driver Reset Tool
  Dell Media Experience
  Dell Photo AIO Printer 922
  Dell Picture Studio v3.0
  Dell Support 5.0.0 (630)
  EarthLink setup files
  ESPN RunTime
  ewido anti-malware
  Full Tilt Poker
  Get High Speed Internet!
  Google Toolbar for Internet Explorer
  Gutterball 2
  Hijackthis 1.99.1
  HijackThis 1.99.1
  Hoyle Card Games 2004
  Hoyle Casino 2004
  ImageMixer VCD/DVD2 for OLYMPUS
  Intel(R) 537EP V9x DF PCI Modem
  Intel(R) Extreme Graphics 2 Driver
  Intel(R) PRO Network Adapters and Drivers
  Intel(R) PROSet for Wired Connections
  Internet Explorer Default Page
  J2SE Runtime Environment 5.0 Update 2
  Jasc Paint Shop Photo Album
  Jasc Paint Shop Photo Album 5
  Jasc Paint Shop Pro 8 Dell Edition
  Jasc Paint Shop Pro Studio, Dell Editon
  Java 2 Runtime Environment, SE v1.4.2_03
  Kaspersky On-line Scanner
  Learn2 Player (Uninstall Only)
  Macromedia Flash Player
  Macromedia Flash Player 8
  Macromedia Shockwave Player
  McAfee Personal Firewall Plus
  McAfee Privacy Service
  McAfee SecurityCenter
  McAfee SpamKiller
  McAfee VirusScan
  Microsoft .NET Framework 1.1
  Microsoft .NET Framework 1.1
  Microsoft .NET Framework 1.1 Hotfix (KB886903)
  Microsoft .NET Framework SDK (English) 1.1
  Microsoft Encarta Encyclopedia Standard 2005
  Microsoft Money 2005
  Microsoft Picture It! Premium 10
  Microsoft Plus! Digital Media Edition Installer
  Microsoft Plus! Photo Story 2 LE
  Microsoft Streets and Trips 2005
  Microsoft Word 2002
  Microsoft Works
  Microsoft Works 2005 Setup Launcher
  Microsoft Works Suite Add-in for Microsoft Word
  Modem Event Monitor
  Modem Helper
  Modem On Hold
  MONOPOLY CASINO Vegas Edition
  Mozilla Firefox (1.5)
  MSN
  Musicmatch® Jukebox
  NetZeroInstallers
  OLYMPUS Master
  p2pnetworks
  Panda ActiveScan
  PartyPoker
  Photo Click
  Poker Superstars
  PokerStars
  Professor Teaches Windows XP Home Edition
  QuickBooks Simple Start Special Edition
  QuickTime
  RealArcade
  RealPlayer
  Security Update for Step By Step Interactive Training (KB898458)
  Security Update for Windows Media Player (KB911564)
  Security Update for Windows Media Player 10 (KB911565)
  Security Update for Windows XP (KB883939)
  Security Update for Windows XP (KB890046)
  Security Update for Windows XP (KB893756)
  Security Update for Windows XP (KB896358)
  Security Update for Windows XP (KB896422)
  Security Update for Windows XP (KB896423)
  Security Update for Windows XP (KB896424)
  Security Update for Windows XP (KB896428)
  Security Update for Windows XP (KB896688)
  Security Update for Windows XP (KB899587)
  Security Update for Windows XP (KB899588)
  Security Update for Windows XP (KB899591)
  Security Update for Windows XP (KB900725)
  Security Update for Windows XP (KB901017)
  Security Update for Windows XP (KB901214)
  Security Update for Windows XP (KB902400)
  Security Update for Windows XP (KB903235)
  Security Update for Windows XP (KB904706)
  Security Update for Windows XP (KB905414)
  Security Update for Windows XP (KB905749)
  Security Update for Windows XP (KB905915)
  Security Update for Windows XP (KB908519)
  Security Update for Windows XP (KB908531)
  Security Update for Windows XP (KB911562)
  Security Update for Windows XP (KB911567)
  Security Update for Windows XP (KB911927)
  Security Update for Windows XP (KB912812)
  Security Update for Windows XP (KB912919)
  Security Update for Windows XP (KB913446)
  Shockwave
  Sonic DLA
  Sonic RecordNow!
  Sonic Update Manager
  Spybot - Search & Destroy 1.4
  SpywareBlaster v3.5.1
  TechConnect
  TestPokerStars.com
  Tik's Texas Hold 'em(TM) Gold
  UltimateBet
  Update for Windows XP (KB894391)
  Update for Windows XP (KB896727)
  Update for Windows XP (KB898461)
  Update for Windows XP (KB900485)
  Update for Windows XP (KB910437)
  Viewpoint Media Player
  Windows Defender
  Windows Defender Signatures
  Windows Installer 3.1 (KB893803)
  Windows Media Format Runtime
  Windows Media Player 10
  Windows Media Player 10
  Windows XP Hotfix - KB867282
  Windows XP Hotfix - KB873333
  Windows XP Hotfix - KB885250
  Windows XP Hotfix - KB885836
  Windows XP Hotfix - KB885884
  Windows XP Hotfix - KB886185
  Windows XP Hotfix - KB887742
  Windows XP Hotfix - KB888302
  Windows XP Hotfix - KB890859
  Windows XP Hotfix - KB890923
  Windows XP Hotfix - KB893066
  Windows XP Hotfix - KB893086
  Yahoo! Anti-Spy
  Yahoo! extras
  Yahoo! Install Manager
  Yahoo! Internet Mail
  Yahoo! Messenger
  Yahoo! Toolbar for Internet Explorer
  Zzed
  
  Well that should do it for this latest leg of the fix.....thank you very much.
  take care, vestige

  0
• Trogan London, UK

  May 2006 edited May 2006

  Thanks for posting the logs!
  
  Go to Start > Control Panel > Internet Options.
  Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK
  
  Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked and then press "OK" to remove:
  

  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin

  ================================================================
  
  Update your Java.
  Older versions have vulnerabilities that malware can use to infect your system.
  Please follow these steps to remove older version Java components.

  • Close any programmes you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.

  Then download the latest version of Java Runtime Environment, and install it to your computer.
  
  ================================================================
  
  Go into Add/Remove programs in Control Panel and uninstall the following:
  
  p2pnetworks
  Get High Speed Internet! << Remove this unless you know what it is!
  
  I see you have some poker games on your computer. Unless you use them, I suggest that you uninstall them:
  
  Full Tilt Poker
  Hoyle Card Games 2004
  Hoyle Casino 2004
  MONOPOLY CASINO Vegas Edition
  PartyPoker
  Poker Superstars
  PokerStars
  TestPokerStars.com
  Tik's Texas Hold 'em(TM) Gold
  UltimateBet
  
  I also see you have Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This may change in 2006 read this article http://www.clickz.com/news/article.php/3561546
  Unless you are using AOL as an ISP or AOL Instant Messenger I would recommend removing it.
  
  ================================================================
  
  Reboot your computer and post a new HJT log, along with a new uninstall list please.

  0
• vestige

  May 2006 edited May 2006

  Hello again,
  I have followed all of your instructions,including:
  1.Deleting all reccomended files.
  2.Updating my Java.
  3.Removing "p2pnetworks" and "Get High Speed Internet".
  4.Removed five of the games as suggested.
  5.Removed "Viewpoint".
  
  Here are the latest versions of the HJT log and the uninstall list as you
  requested.
  
  Logfile of HijackThis v1.99.1
  Scan saved at 9:49:58 PM, on 5/9/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\ewido anti-malware\ewidoctrl.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
  C:\Program Files\McAfee.com\VSO\oasclnt.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\Program Files\ESPNRunTime\DIGServices.exe
  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\Dell Support\DSAgnt.exe
  C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
  C:\WINDOWS\system32\svchost.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\Hijackthis\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
  O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
  O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /startup
  O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
  O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
  O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
  O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
  O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
  O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
  O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
  O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
  O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
  O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
  O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
  O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
  O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
  O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
  O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
  O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
  O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
  O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
  
  
  
  
  
  ABBYY FineReader 5.0 Sprint Plus
  Ad-Aware SE Personal
  Adobe Download Manager 2.0 (Remove Only)
  Adobe Photoshop Album 2.0 Starter Edition
  Adobe Reader 7.0.7
  America Online (Choose which version to remove)
  AOL Toolbar
  Banctec Service Agreement
  CardPlayer Poker
  Cue Master(TM) Gold
  Dell Digital Jukebox Driver
  Dell Driver Reset Tool
  Dell Media Experience
  Dell Photo AIO Printer 922
  Dell Picture Studio v3.0
  Dell Support 5.0.0 (630)
  EarthLink setup files
  ESPN RunTime
  ewido anti-malware
  Google Toolbar for Internet Explorer
  Gutterball 2
  Hijackthis 1.99.1
  HijackThis 1.99.1
  ImageMixer VCD/DVD2 for OLYMPUS
  Intel(R) 537EP V9x DF PCI Modem
  Intel(R) Extreme Graphics 2 Driver
  Intel(R) PRO Network Adapters and Drivers
  Intel(R) PROSet for Wired Connections
  Internet Explorer Default Page
  J2SE Runtime Environment 5.0 Update 6
  Jasc Paint Shop Photo Album
  Jasc Paint Shop Photo Album 5
  Jasc Paint Shop Pro 8 Dell Edition
  Jasc Paint Shop Pro Studio, Dell Editon
  Kaspersky On-line Scanner
  Learn2 Player (Uninstall Only)
  Macromedia Flash Player
  Macromedia Flash Player 8
  Macromedia Shockwave Player
  McAfee Personal Firewall Plus
  McAfee Privacy Service
  McAfee SecurityCenter
  McAfee SpamKiller
  McAfee VirusScan
  Microsoft .NET Framework 1.1
  Microsoft .NET Framework 1.1
  Microsoft .NET Framework 1.1 Hotfix (KB886903)
  Microsoft .NET Framework SDK (English) 1.1
  Microsoft Encarta Encyclopedia Standard 2005
  Microsoft Money 2005
  Microsoft Picture It! Premium 10
  Microsoft Plus! Digital Media Edition Installer
  Microsoft Plus! Photo Story 2 LE
  Microsoft Streets and Trips 2005
  Microsoft Word 2002
  Microsoft Works
  Microsoft Works 2005 Setup Launcher
  Microsoft Works Suite Add-in for Microsoft Word
  Modem Event Monitor
  Modem Helper
  Modem On Hold
  MONOPOLY CASINO Vegas Edition
  Mozilla Firefox (1.5)
  MSN
  Musicmatch® Jukebox
  NetZeroInstallers
  OLYMPUS Master
  Panda ActiveScan
  PartyPoker
  Photo Click
  Poker Superstars
  PokerStars
  Professor Teaches Windows XP Home Edition
  QuickBooks Simple Start Special Edition
  QuickTime
  RealArcade
  RealPlayer
  Security Update for Step By Step Interactive Training (KB898458)
  Security Update for Windows Media Player (KB911564)
  Security Update for Windows Media Player 10 (KB911565)
  Security Update for Windows XP (KB883939)
  Security Update for Windows XP (KB890046)
  Security Update for Windows XP (KB893756)
  Security Update for Windows XP (KB896358)
  Security Update for Windows XP (KB896422)
  Security Update for Windows XP (KB896423)
  Security Update for Windows XP (KB896424)
  Security Update for Windows XP (KB896428)
  Security Update for Windows XP (KB896688)
  Security Update for Windows XP (KB899587)
  Security Update for Windows XP (KB899588)
  Security Update for Windows XP (KB899591)
  Security Update for Windows XP (KB900725)
  Security Update for Windows XP (KB901017)
  Security Update for Windows XP (KB901214)
  Security Update for Windows XP (KB902400)
  Security Update for Windows XP (KB903235)
  Security Update for Windows XP (KB904706)
  Security Update for Windows XP (KB905414)
  Security Update for Windows XP (KB905749)
  Security Update for Windows XP (KB905915)
  Security Update for Windows XP (KB908519)
  Security Update for Windows XP (KB908531)
  Security Update for Windows XP (KB911562)
  Security Update for Windows XP (KB911567)
  Security Update for Windows XP (KB911927)
  Security Update for Windows XP (KB912812)
  Security Update for Windows XP (KB912919)
  Security Update for Windows XP (KB913446)
  Security Update for Windows XP (KB913580)
  Shockwave
  Sonic DLA
  Sonic RecordNow!
  Sonic Update Manager
  Spybot - Search & Destroy 1.4
  SpywareBlaster v3.5.1
  TechConnect
  UltimateBet
  Update for Windows XP (KB894391)
  Update for Windows XP (KB896727)
  Update for Windows XP (KB898461)
  Update for Windows XP (KB900485)
  Update for Windows XP (KB910437)
  Windows Defender
  Windows Defender Signatures
  Windows Installer 3.1 (KB893803)
  Windows Media Format Runtime
  Windows Media Player 10
  Windows Media Player 10
  Windows XP Hotfix - KB867282
  Windows XP Hotfix - KB873333
  Windows XP Hotfix - KB885250
  Windows XP Hotfix - KB885836
  Windows XP Hotfix - KB885884
  Windows XP Hotfix - KB886185
  Windows XP Hotfix - KB887742
  Windows XP Hotfix - KB888302
  Windows XP Hotfix - KB890859
  Windows XP Hotfix - KB890923
  Windows XP Hotfix - KB893066
  Windows XP Hotfix - KB893086
  Yahoo! Anti-Spy
  Yahoo! extras
  Yahoo! Install Manager
  Yahoo! Internet Mail
  Yahoo! Messenger
  Yahoo! Toolbar for Internet Explorer
  Zzed
  
  thanks a lot for all of your help! :smiles: vestige

  0
• Trogan London, UK

  May 2006 edited May 2006

  Thanks for posting the logs!
  
  Your HJT log is clean.
  
  How is your computer now?

  0
• vestige

  May 2006 edited May 2006

  Wow! that's great news.
  I'm very grateful for your help,and anxious to try out the computer.
  I was so worried, that all I did was stay on your site,reading about this stuff,or check back the next day for your replys.
  I'm ready to go now though,thanks to you.
  I'll reinstate Windows Defender as suggested.
  Should I return the Ad-Aware scan to it's previous version?
  
  I guess that before I ask you 20 questions, I'll wait and see if you have any
  good suggestions or reminders that will help to keep me out of trouble.
  
  thanks again,have a great day! :smiles: vestige

  0
• Trogan London, UK

  May 2006 edited May 2006

  Wow! that's great news.
  I'm very grateful for your help,and anxious to try out the computer.

  Your welcome! Let me know how the computer is running.
  

  Should I return the Ad-Aware scan to it's previous version?

  What do you mean by this? You should have/keep the latest version of Ad-Aware.
  

  I guess that before I ask you 20 questions, I'll wait and see if you have any good suggestions or reminders that will help to keep me out of trouble.

  Here are some measures you can take to stay more secure online:
  
  Secure your Internet Explorer by going here and following the instructions there.
  
  Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.
  
  Use a firewall to help prevent your PC(s) from being usurped by undesireables. If you don't have a Firewall, then choose one from the list here
  
  Install an Anti-Virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often. If you don't have an Anti-Virus program, choose one from the list here
  
  Install and keep updated, Ad-Aware SE and Spybot Search & Destroy.
  Run them both on a regular basis, following the manufacturer's recommendations.
  
  Install and keep updated, SpywareBlaster and SpywareGuard
  
  Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
  
  Clear your Temp folders.
  Go to Start > Control Panel > Internet Options.
  Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK
  
  Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked and then press "OK" to remove:
  

  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin

  Also, go to Start > Find/Search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
  
  Empty/delete the entire contents from the following folders:
  
  C:\Windows\temp
  C:\temp <-- if you have one.
  Note: Empty contents but don't delete the folder(s) itself.
  
  Clear out temp files from the following location. Change "username" to whatever you have on your computer.
  
  C:\Documents and Settings\username\Local Settings\Temp\
  
  In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
  
  Empty the Recycle Bin!
  
  Hide system files
  It is very important that system files and folders are hidden again, so that they DO NOT get deleted by mistake. To hide system files and folders, do the following for your operating system...
  
  Windows XP
  * Click Start.
  * Open My Computer.
  * Select the Tools menu and click Folder Options.
  * Select the View Tab.
  * Under the Hidden files and folders heading, uncheck Do not show hidden files and folders
  * Check the Hide protected operating system files (recommended) option.
  * Click Yes to confirm.
  * Click OK.
  
  
  For XP users.
  After something like this it is a good idea to Flush the Restore Points and start fresh.
  To flush the XP system Restore Points.
  
  Go to Start | Run | type msconfig | Press Enter.
  
  When msconfig opens, click the Launch System Restore Button.
  On the next page, click the System Restore Settings link on the left.
  
  Check the box labelled 'Turn off System restore'.
  
  Reboot! Go back in and Turn System Restore Back on. A new Restore Point will be created automatically.
  
  Note that all previous restore points will be lost.
  
  ===============
  
  If you have any more problems, post back.
  
  ================================================================
  
  Are there any questions or problems I can help you with?

  0
• vestige

  May 2006 edited May 2006

  Hey there.....how's it going?
  Everything is running well. THANKS!
  In response to the Ad-Aware question,thats something that I did after reading the thread entitled " what to do before you post a HJT log ".I'll return it to it's latest version,unless you tell me differently.
  Everthing seems to be running well in Firefox too.
  In fact I need to reboot now in response to an update alert.
  I also "flushed the restore points" as suggested.
  I'll leave you another message tomorrow,after I've acted on some of your other ideas.
  thanks,vestige

  0
• Trogan London, UK

  May 2006 edited May 2006

  In response to the Ad-Aware question,thats something that I did after reading the thread entitled " what to do before you post a HJT log ".I'll return it to it's latest version,unless you tell me differently.

  Definitely keep to the latest version. No point in running an out-dated version.
  
  I'l be waiting to see how things are.

  0
• vestige

  May 2006 edited May 2006

  Hi Trogan_1000,
  
  How's it going?
  
  I must say,that this is the absolute best that this computer has run in quite some time.I imagine that if I keep up with your reccomendations,that I will continue to enjoy great results.
  
  I am running Mozilla Firefox currently,and I'm not even picking up any malware on any of the scans.That never happened with IE. :smiles:
  
  Is there any further advantage to running Opera,or am I good with Firefox?
  It's funny,that I'm out of questions,for now.That in itself is unusual,but if I have any other concerns,I appreciate your offer to post back if I have any problems.
  
  thank you,and have a nice weekend, vestige

  0
• Trogan London, UK

  May 2006 edited May 2006

  I'm glad your computer is running better than before. :thumsbup:
  
  I wouldn't think there is much of an advantage for using Opera over Firefox or vice versa. It comes down to personal perference on which you prefer, as long as your not using IE.
  
  My weekend has been good so far. Hope you have a nice weekend too.

  0