Trouble with multiple trojans. Please Help

Unknown

Greetings,
As a first timer here,I am particularly glad to find you folks.This started this
morning, with a trojan message from a little pop up on my McAfee system.
It said that it couldn't clean or delete a trojan called "Exploit-Byte Verify,
JVShinwow".
I ran the McAfee virus scan,and the above viruses/trojans (?) were listed,
and I was unable to remove them automatically or manually.
While running these processes, I discovered this site,and began following
the directions put forth in the "READ this first before you post your HJT log".
I will be very grateful is someone can please help me!
My particulars are: windows xp with sp2 (build2600)
I'm using Internet explorer

KASPERSKY ON-LINE SCANNER REPORT
Thursday, May 04, 2006 5:40:18 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 5/05/2006
Kaspersky Anti-Virus database records: 180206


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Email
C:\

Scan Statistics
Total number of scanned objects 43
Number of viruses found 1
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 00:02:40

Infected Object Name Virus Name Last Action
C:\Documents and Settings\dean b.foltz.D4RP4C71\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@entermail.net][Date Tue, 22 Nov 2005 09:22:37 +0000 (GMT)]/UNNAMED/reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped

C:\Documents and Settings\dean b.foltz.D4RP4C71\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@entermail.net][Date Tue, 22 Nov 2005 09:22:37 +0000 (GMT)]/UNNAMED/reg_pass.zip Infected: Email-Worm.Win32.Sober.y skipped

C:\Documents and Settings\dean b.foltz.D4RP4C71\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@entermail.net][Date Tue, 22 Nov 2005 09:22:37 +0000 (GMT)]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped

C:\Documents and Settings\dean b.foltz.D4RP4C71\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 3 skipped

Scan process completed.

KASPERSKY ON-LINE SCANNER REPORT
Thursday, May 04, 2006 7:17:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 5/05/2006
Kaspersky Anti-Virus database records: 180206


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\

Scan Statistics
Total number of scanned objects 105516
Number of viruses found 2
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 01:17:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\dean b.foltz.D4RP4C71\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@entermail.net][Date Tue, 22 Nov 2005 09:22:37 +0000 (GMT)]/UNNAMED/reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped

C:\Documents and Settings\dean b.foltz.D4RP4C71\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@entermail.net][Date Tue, 22 Nov 2005 09:22:37 +0000 (GMT)]/UNNAMED/reg_pass.zip Infected: Email-Worm.Win32.Sober.y skipped

C:\Documents and Settings\dean b.foltz.D4RP4C71\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx/[From postman@entermail.net][Date Tue, 22 Nov 2005 09:22:37 +0000 (GMT)]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped

C:\Documents and Settings\dean b.foltz.D4RP4C71\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 3 skipped

C:\Program Files\MediaPipe\api.exe/data0002 Infected: Backdoor.Win32.Agent.so skipped

C:\Program Files\MediaPipe\api.exe NSIS: infected - 1 skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 8:01:23 PM, on 5/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Hopefully I have included all the necessary information as instructed.
Thanks for any help that any of the experts can give to me.
I greatly appreciate your time.
sincerely, vestige

here's the BitDefender Report
BitDefender Online Scanner - Real Time Virus Report



Generated at: Thu, May 04, 2006 - 16:53:24

---

Scan Info



Scanned Files
461675

Infected Files
6








Virus Detected



MemScan:Trojan.Small.Y
1

Win32.Sober.Y@mm
1

Adware.Wheaterbug.A
2

BehavesLike:Trojan.Downloader
2


Thank you

Trogan

Hi vestige, welcome to Short-Media!

Can you do the following please. You may want to save or print these instructions out as you'll have no internet connection later on.

================================================================

Go into Add/Remove programs and uninstall the following, if found:

MediaPipe

================================================================

Download Ewido Anti-Malware

• Install Ewido
• When installing the program, under "Additonal Options" uncheck:
  • Install background guard
  • Install scan via context menu
• Once installed, open Ewido
• You will need to update Ewido to the latest definition files
  • On the left hand side of the main screen click update.
  • Then click on the Start Update button.
• The update will start and a progress bar will show the updates being installed.
  • If you are having problems with the updater, you can manually update Ewido » Ewido manual updates.
• After it has finished, close Ewido.

================================================================

Please disable Windows Defender as it may interfere with the fix:

Windows Defender
1) Open Windows Defender.
2) Click on Tools > General Settings.
3) Scroll Down and Uncheck Turn on real-time Protection (recommended).
4) After you uncheck these, click on the Save button and close Windows Defender.
5) Right click on the Windows Defender icon on the taskbar and select Shutdown Windows Defender.

Once we have finished, you can enable Windows Defender.

================================================================

Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked

================================================================

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

================================================================

Once in Safe Mode, do the following:

We need to view hidden files and folders:

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.

================================================================

Find and Delete the following:

C:\Program Files\MediaPipe << this folder

================================================================

Please open Ewido.

• Click on scanner
• Click Complete System Scan. (Please don't use the computer while Ewido is scanning)
• NOTE: During some scans with Ewido it is finding cases of false positives.
• You will need to step through the process of cleaning files one-by-one.
• If Ewido detects a file you KNOW to be legitimate, select none as the action.
• DO NOT select "Perform action on all infections"
• If you are unsure of any entry found select none for now.
• When the scan is finished, click the Save report button at the bottom of the screen.
• Save the report to your desktop

Close Ewido

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

vestige

Hi Trogan_1000
Let me start by thanking you for your help.Learning about your forum has
been very important to me.I'd certainly be lost without your help.After a few
hiccups,I think that I've been able to follow your instructions.
So here's the Ewido scan and the newest HJT scan:

---

ewido anti-malware - Scan report

---

+ Created on: 11:37:42 AM, 5/8/2006
+ Report-Checksum: 1DDA55FC

+ Scan result:

[2192] C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup
C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@ad.yieldmanager[1].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@ehg-dig.hitbox[2].txt[/email] -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.9:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.10:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.46:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.47:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.48:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.49:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.52:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.55:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.74:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.83:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.126:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.134:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.227:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.232:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.233:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.234:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.235:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.261:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.262:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.263:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.264:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.278:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.291:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.292:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.293:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.296:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.298:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.299:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.300:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.301:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.302:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.305:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.313:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.314:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.315:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.390:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.475:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.652:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.653:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.710:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.714:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.715:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.716:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.717:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.718:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.725:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.726:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.727:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.740:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.741:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.757:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.758:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.759:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.760:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.800:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.809:C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@ad.yieldmanager[1].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@com[1].txt[/email] -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@statcounter[2].txt[/email] -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@tacoda[2].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@www.myaffiliateprogram[2].txt[/email] -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@buycom.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@data3.perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@data4.perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@e-2dj6wfk4kodpggp.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@web-stat[2].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\violet e.foltz.D4RP4C71\Cookies\violet [email]e.foltz@www.burstbeacon[2].txt[/email] -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Downloads\ElfBowling_bocce_styleSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq111.tmp -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq112.tmp -> TrackingCookie.Clickbank : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12A.tmp -> TrackingCookie.247realmedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq136.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17E.tmp -> TrackingCookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq180.tmp -> TrackingCookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq192.tmp -> TrackingCookie.247realmedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A7.tmp -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A9.tmp -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp -> TrackingCookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> TrackingCookie.Onestat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> TrackingCookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> TrackingCookie.Counted : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Realtracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp -> TrackingCookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> TrackingCookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB5.tmp -> TrackingCookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD7.tmp -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB.tmp -> TrackingCookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDC.tmp -> TrackingCookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE1.tmp -> TrackingCookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE3.tmp -> TrackingCookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE6.tmp -> TrackingCookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE7.tmp -> TrackingCookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE8.tmp -> TrackingCookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE9.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEC.tmp -> TrackingCookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqED.tmp -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF5.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFA.tmp -> TrackingCookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFB.tmp -> TrackingCookie.Valuead : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFC.tmp -> TrackingCookie.Valueclick : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 11:46:04 AM, on 5/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


I hope that this will help solve my problem.I can't imagine the amount of
troubles on these scans,they do seem to be quite thorough.
I do however hope that I didn't delete anything that I shouldn't have.

I read some of your other material on this site,and I think that I engaged all
of this stuff when I clicked on an ActiveX prompt.Lesson learned.

thanks :smiles: with regards, vestige

Trogan

Next step is to run this online scan please:

Panda ActiveScan

- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log


I also need to see a different type of log from Hijackthis

• Run Hijackthis.
• Click on "Open the Misc Tools section".
• Next click on "Open uninstall manager".
• Press the button 'save list'. It will open a Notepad file.
• Place the content of that file here in your in your next post.

vestige

Hello again,
Here's the Panda Scan,the latest HJT log,and the uninstall list from HJT.
These are the three elements that are now required,as I understand it.
Thanks for all of your help!



Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@atwola[1].txt[/email]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@go[1].txt[/email]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\dean b.foltz\Cookies\dean [email]b.foltz@webpower[1].txt[/email]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\dean b.foltz.D4RP4C71\Application Data\Mozilla\Firefox\Profiles\v49ma244.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@go[2].txt[/email]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\dean b.foltz.D4RP4C71\Cookies\dean [email]b.foltz@realmedia[1].txt[/email]

Logfile of HijackThis v1.99.1
Scan saved at 8:04:18 AM, on 5/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe



ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.7
America Online (Choose which version to remove)
AOL Toolbar
Banctec Service Agreement
CardPlayer Poker
Cue Master(TM) Gold
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
EarthLink setup files
ESPN RunTime
ewido anti-malware
Full Tilt Poker
Get High Speed Internet!
Google Toolbar for Internet Explorer
Gutterball 2
Hijackthis 1.99.1
HijackThis 1.99.1
Hoyle Card Games 2004
Hoyle Casino 2004
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 2
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky On-line Scanner
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee SpamKiller
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework SDK (English) 1.1
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
MONOPOLY CASINO Vegas Edition
Mozilla Firefox (1.5)
MSN
Musicmatch® Jukebox
NetZeroInstallers
OLYMPUS Master
p2pnetworks
Panda ActiveScan
PartyPoker
Photo Click
Poker Superstars
PokerStars
Professor Teaches Windows XP Home Edition
QuickBooks Simple Start Special Edition
QuickTime
RealArcade
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
TechConnect
TestPokerStars.com
Tik's Texas Hold 'em(TM) Gold
UltimateBet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Viewpoint Media Player
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar for Internet Explorer
Zzed

Well that should do it for this latest leg of the fix.....thank you very much.
take care, vestige

Trogan

Thanks for posting the logs!

Go to Start > Control Panel > Internet Options.
Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK

Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked and then press "OK" to remove:

• Temporary Files
• Temporary Internet Files
• Recycle Bin

================================================================

Update your Java.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.

• Close any programmes you may have running, ESPECIALLY your web browser
• Click Start > Control Panel.
• Click Add/Remove Programs.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove all versions of Java.
• Reboot your computer once all Java components are removed.

Then download the latest version of Java Runtime Environment, and install it to your computer.

================================================================

Go into Add/Remove programs in Control Panel and uninstall the following:

p2pnetworks
Get High Speed Internet! << Remove this unless you know what it is!

I see you have some poker games on your computer. Unless you use them, I suggest that you uninstall them:

Full Tilt Poker
Hoyle Card Games 2004
Hoyle Casino 2004
MONOPOLY CASINO Vegas Edition
PartyPoker
Poker Superstars
PokerStars
TestPokerStars.com
Tik's Texas Hold 'em(TM) Gold
UltimateBet

I also see you have Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This may change in 2006 read this article http://www.clickz.com/news/article.php/3561546
Unless you are using AOL as an ISP or AOL Instant Messenger I would recommend removing it.

================================================================

Reboot your computer and post a new HJT log, along with a new uninstall list please.

vestige

Hello again,
I have followed all of your instructions,including:
1.Deleting all reccomended files.
2.Updating my Java.
3.Removing "p2pnetworks" and "Get High Speed Internet".
4.Removed five of the games as suggested.
5.Removed "Viewpoint".

Here are the latest versions of the HJT log and the uninstall list as you
requested.

Logfile of HijackThis v1.99.1
Scan saved at 9:49:58 PM, on 5/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe





ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.7
America Online (Choose which version to remove)
AOL Toolbar
Banctec Service Agreement
CardPlayer Poker
Cue Master(TM) Gold
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
EarthLink setup files
ESPN RunTime
ewido anti-malware
Google Toolbar for Internet Explorer
Gutterball 2
Hijackthis 1.99.1
HijackThis 1.99.1
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Kaspersky On-line Scanner
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee SpamKiller
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework SDK (English) 1.1
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
MONOPOLY CASINO Vegas Edition
Mozilla Firefox (1.5)
MSN
Musicmatch® Jukebox
NetZeroInstallers
OLYMPUS Master
Panda ActiveScan
PartyPoker
Photo Click
Poker Superstars
PokerStars
Professor Teaches Windows XP Home Edition
QuickBooks Simple Start Special Edition
QuickTime
RealArcade
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
TechConnect
UltimateBet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar for Internet Explorer
Zzed

thanks a lot for all of your help! :smiles: vestige

Trogan

Thanks for posting the logs!

Your HJT log is clean.

How is your computer now?

vestige

Wow! that's great news.
I'm very grateful for your help,and anxious to try out the computer.
I was so worried, that all I did was stay on your site,reading about this stuff,or check back the next day for your replys.
I'm ready to go now though,thanks to you.
I'll reinstate Windows Defender as suggested.
Should I return the Ad-Aware scan to it's previous version?

I guess that before I ask you 20 questions, I'll wait and see if you have any
good suggestions or reminders that will help to keep me out of trouble.

thanks again,have a great day! :smiles: vestige

Trogan

Wow! that's great news.
I'm very grateful for your help,and anxious to try out the computer.

Your welcome! Let me know how the computer is running.

Should I return the Ad-Aware scan to it's previous version?

What do you mean by this? You should have/keep the latest version of Ad-Aware.

I guess that before I ask you 20 questions, I'll wait and see if you have any good suggestions or reminders that will help to keep me out of trouble.

Here are some measures you can take to stay more secure online:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

Use a firewall to help prevent your PC(s) from being usurped by undesireables. If you don't have a Firewall, then choose one from the list here

Install an Anti-Virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often. If you don't have an Anti-Virus program, choose one from the list here

Install and keep updated, Ad-Aware SE and Spybot Search & Destroy.
Run them both on a regular basis, following the manufacturer's recommendations.

Install and keep updated, SpywareBlaster and SpywareGuard

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

Clear your Temp folders.
Go to Start > Control Panel > Internet Options.
Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK

Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked and then press "OK" to remove:

• Temporary Files
• Temporary Internet Files
• Recycle Bin

Also, go to Start > Find/Search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents from the following folders:

C:\Windows\temp
C:\temp <-- if you have one.
Note: Empty contents but don't delete the folder(s) itself.

Clear out temp files from the following location. Change "username" to whatever you have on your computer.

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin!

Hide system files
It is very important that system files and folders are hidden again, so that they DO NOT get deleted by mistake. To hide system files and folders, do the following for your operating system...

Windows XP
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading, uncheck Do not show hidden files and folders
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start | Run | type msconfig | Press Enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot! Go back in and Turn System Restore Back on. A new Restore Point will be created automatically.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

================================================================

Are there any questions or problems I can help you with?

vestige

Hey there.....how's it going?
Everything is running well. THANKS!
In response to the Ad-Aware question,thats something that I did after reading the thread entitled " what to do before you post a HJT log ".I'll return it to it's latest version,unless you tell me differently.
Everthing seems to be running well in Firefox too.
In fact I need to reboot now in response to an update alert.
I also "flushed the restore points" as suggested.
I'll leave you another message tomorrow,after I've acted on some of your other ideas.
thanks,vestige

Trogan

In response to the Ad-Aware question,thats something that I did after reading the thread entitled " what to do before you post a HJT log ".I'll return it to it's latest version,unless you tell me differently.

Definitely keep to the latest version. No point in running an out-dated version.

I'l be waiting to see how things are.

vestige

Hi Trogan_1000,

How's it going?

I must say,that this is the absolute best that this computer has run in quite some time.I imagine that if I keep up with your reccomendations,that I will continue to enjoy great results.

I am running Mozilla Firefox currently,and I'm not even picking up any malware on any of the scans.That never happened with IE. :smiles:

Is there any further advantage to running Opera,or am I good with Firefox?
It's funny,that I'm out of questions,for now.That in itself is unusual,but if I have any other concerns,I appreciate your offer to post back if I have any problems.

thank you,and have a nice weekend, vestige

Trogan

I'm glad your computer is running better than before. :thumsbup:

I wouldn't think there is much of an advantage for using Opera over Firefox or vice versa. It comes down to personal perference on which you prefer, as long as your not using IE.

My weekend has been good so far. Hope you have a nice weekend too.