
HJT log file... need some help, nail.exe ---


16 replies to this topic

#1 shifty35

shifty35


Posted 28 July 2005 - 06:46 PM

Well, here's my HJT log file, can't really figure out what to do here... also some problems with WinFixer 2005 installing itself every 5 minutes... grrr. Thanks in advance!




Logfile of HijackThis v1.99.1
Scan saved at 6:43:14 PM, on 7/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Net Nanny\nnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\dmvhfaf.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Net Nanny\nntray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Benjamin Ness\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xtdwjbd] c:\windows\system32\akttvd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [guvneb] c:\windows\system32\dmvhfaf.exe r
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe"/BEFOREINSTALL
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c11.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\system32\mscgdc.dll
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\nnsvc.exe
O23 - Service: Network Security Service (NSS) (O?rtȲ$) - Unknown owner - C:\WINDOWS\iepl.exe (file missing)



#2 shifty35

shifty35
  • Topic Starter


Posted 29 July 2005 - 10:10 AM

bump... any help?

//Mod edit: Logs are analyzed on a first in, first worked basis.
It takes some time to accomplish this work. Please wait for a response to this
thread before posting again. Every time you add a post, you only move yourself
farther back in the time sequence. All HJT Techs are volunteers.
Please be patient.

Edited by KoanYorel, 29 July 2005 - 04:52 PM.


#3 OldTimer

OldTimer

    Malware Expert



Posted 30 July 2005 - 12:34 AM

Hello shifty35 and welcome to the BC malware forum. Looks like we have a few different infections going on here. Let's get a different scan to see what else is hiding in the system.

Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here so I can review it.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 shifty35

shifty35
  • Topic Starter


Posted 30 July 2005 - 04:40 PM

No problem... here is the scan result


----------------------------------------------

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Checking Selected Standard Folders

Checking %SystemDrive% folder...
UPX! 3/10/2005 7:39:04 PM 399308800 C:\W2PFPP_EN.ISO
FSG! 3/10/2005 7:39:04 PM 399308800 C:\W2PFPP_EN.ISO
PTech 3/10/2005 7:39:04 PM 399308800 C:\W2PFPP_EN.ISO

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com 5/4/2000 7:24:16 AM 3278 C:\WINDOWS\abiuninst.htm
UPX! 7/25/2005 7:33:20 PM 189859 C:\WINDOWS\dsr.exe
SAHAgent 5/20/2005 1:43:02 AM 13297 C:\WINDOWS\KB893803v2.log
UPX! 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
FSG! 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
PEC2 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
Umonitor 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
qoologic 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
aspack 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
PTech 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
ad-beh 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
_rtneg3 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
SAHAgent 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
buddy.exe 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
ZepMon 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
aurora.exe 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
KavSvc 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
abetterinternet.com 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
web-nex 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
yourkey 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
winsync 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
WinShutDown 7/12/2005 9:37:42 PM 536428544 C:\WINDOWS\MEMORY.DMP
UPX! 8/11/2002 6:06:02 PM 52736 C:\WINDOWS\Nail.exe
UPX! 7/22/2005 10:16:12 PM 189983 C:\WINDOWS\tdtb.exe
UPX! 8/12/2002 4:39:38 PM 80384 C:\WINDOWS\tileqxqzuw.exe
buddy.exe 8/12/2002 4:39:38 PM 80384 C:\WINDOWS\tileqxqzuw.exe
UPX! 9/21/2004 9:17:02 AM 33792 C:\WINDOWS\wupdt.exe

Checking %System% folder...
UPX! 9/17/2001 1:20:02 PM 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll
UPX! 1/14/2003 9:07:34 AM 236032 C:\WINDOWS\SYSTEM32\devil.dll
PEC2 7/7/2003 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 4/30/2004 11:46:20 AM 28160 C:\WINDOWS\SYSTEM32\DrPMon.dll
ZepMon 1/14/2001 8:37:04 PM 47104 C:\WINDOWS\SYSTEM32\DrPMon.dll_tobedeleted
UPX! 8/29/2002 4:39:20 AM 136704 C:\WINDOWS\SYSTEM32\l3codeca.acm
UPX! 5/15/2004 4:10:42 PM 75264 C:\WINDOWS\SYSTEM32\MACDec.dll
UPX! 6/19/2004 6:28:44 PM 177152 C:\WINDOWS\SYSTEM32\MonkeySource.ax
UPX! 8/29/2002 4:41:28 AM 81920 C:\WINDOWS\SYSTEM32\mpg4ds32.ax
PECompact2 7/6/2005 9:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 7/6/2005 9:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 8/22/2001 7:00:00 PM 86030 C:\WINDOWS\SYSTEM32\msdjgk.dll
UPX! 8/22/2001 7:00:00 PM 218624 C:\WINDOWS\SYSTEM32\mseggo.gif
UPX! 8/22/2001 7:00:00 PM 215040 C:\WINDOWS\SYSTEM32\msfaol.dll
UPX! 8/22/2001 7:00:00 PM 209920 C:\WINDOWS\SYSTEM32\mskhhe.dll
UPX! 8/22/2001 7:00:00 PM 113664 C:\WINDOWS\SYSTEM32\msnimk.gif
UPX! 8/22/2001 7:00:00 PM 200704 C:\WINDOWS\SYSTEM32\msnkmi.dll
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
PEC2 9/17/2002 3:55:18 PM 26112 C:\WINDOWS\SYSTEM32\REGOBJ.DLL
PEC2 9/9/2002 3:30:44 PM 17408 C:\WINDOWS\SYSTEM32\reset5.dll
PEC2 5/3/2002 3:29:56 AM 7168 C:\WINDOWS\SYSTEM32\srvany.exe
winsync 7/7/2003 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder for system and hidden files within the last 60 days...
7/11/2005 3:50:50 AM 0 C:\WINDOWS\inf\oem54.inf
7/30/2005 10:37:20 AM 1024 C:\WINDOWS\system32\config\default.LOG
7/30/2005 10:49:08 AM 1024 C:\WINDOWS\system32\config\SAM.LOG
7/30/2005 10:46:24 AM 1024 C:\WINDOWS\system32\config\SECURITY.LOG
7/30/2005 1:59:06 PM 1024 C:\WINDOWS\system32\config\software.LOG
7/30/2005 10:49:34 AM 1024 C:\WINDOWS\system32\config\system.LOG
7/13/2005 11:22:56 AM 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
6/8/2005 11:25:56 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\fb4a0f5f-3d5d-4888-ba14-656fab7ea0ac
6/8/2005 11:25:56 PM 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/30/2005 10:36:16 AM 6 C:\WINDOWS\Tasks\SA.DAT

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
5/5/2005 11:50:24 AM 52544 C:\Documents and Settings\Benjamin Ness\Application Data\GDIPFONTCACHEV1.DAT
3/27/2005 2:49:44 PM 276099 C:\Documents and Settings\Benjamin Ness\Application Data\Sskknwrd.dll

Checking Selected Registry Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\SV1
SV1 =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\NN5.0.3.3
NN5.0.3.3 =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Logitech Utility Logi_MwX.Exe
VSOCheckTask "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
VirusScan Online C:\Program Files\McAfee.com\VSO\mcvsshld.exe
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
ATIPTA atiptaxx.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
ASUS Probe C:\Program Files\ASUS\Probe\AsusProb.exe
NNTray C:\Program Files\Net Nanny\nnstart.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
xtdwjbd c:\windows\system32\akttvd.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
OASClnt C:\Program Files\McAfee.com\VSO\oasclnt.exe
Dinst C:\WINDOWS\dinst.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
NVMixerTray "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
NI.UWFX5LP_0001_0715 "C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe"/BEFOREINSTALL
owapml c:\windows\system32\rceciv.exe r

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL
MAPI
MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Google Desktop Search "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe C:\WINDOWS\Nail.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5
= reset5.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs

Scan Complete
WinPFind v1.2.4 - Log file written to "WinPFind.Txt" in the WinPFind folder.

#5 OldTimer

OldTimer

    Malware Expert



Posted 30 July 2005 - 06:13 PM

Hi shifty35. Ok, let's see if we can't get some of this junk cleaned up. Please print these directions and then proceed with the following steps in order.

Step #1

Download and install ewido security suite. Update the program and then close it. Do not run it yet.

Download nailfix.zip and unzip it to its own folder.

Download Pocket Killbox and unzip it to your desktop. Do not run it yet.

Step #2

Now we need to remove a service.

Open Notepad and Copy/Paste the contents of the quote box below into the new document:

 
Const title = "Service Removal Tool"   ' caption used on every dialog box

Set oWS = CreateObject("Wscript.Shell")
sService = InputBox("Removing Service:", title, "Network Security Service (NSS)")   ' service name or display name

If sService = "" Then   ' Cancel pressed or empty input: change nothing
    MsgBox "Script halted. No changes were made.", vbInformation, title
    WScript.Quit
End If

strComputer = "."   ' "." means the local machine
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery _
    ("Select * from Win32_Service Where Name = '" & sService & "' or displayName = '" & sService & "'")
If colListOfServices.Count > 0 Then
    For Each objService In colListOfServices
        objService.StopService()   ' stop the running service first
        WScript.Sleep 10000   ' wait 10 seconds for it to stop
        objService.ChangeStartMode("Disabled")   ' keep it from starting again at boot
        WScript.Sleep 2000
        objService.Delete()   ' remove the service registration
        MsgBox "The " & sService & " service has been removed or marked for deletion.", vbInformation, title
    Next
Else
    MsgBox "The " & sService & " service was not found.", vbInformation, title
End If


Save the file to your desktop as remsvc.vbs and close Notepad. Locate the remsvc.vbs file on your desktop and double-click on it to run it. Click the Ok button and wait for a message box saying the service has been removed or marked for deletion.

Step #3

Killbox Copy/Paste

Double-click on KillBox.exe to launch the program.
  • Highlight the files in bold below and press the Ctrl key and the C key at the same time to copy them to the clipboard
    • C:\WINDOWS\dsr.dll
      C:\WINDOWS\dinst.exe
      c:\windows\system32\akttvd.exe
      c:\windows\system32\dmvhfaf.exe
      C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe
      C:\WINDOWS\system32\mscgdc.dll
      C:\WINDOWS\SYSTEM32\reset5.dll
      C:\W2PFPP_EN.ISO
      C:\WINDOWS\abiuninst.htm
      C:\WINDOWS\MEMORY.DMP (just for cleanup)
      C:\WINDOWS\tdtb.exe
      C:\WINDOWS\tileqxqzuw.exe
      C:\WINDOWS\wupdt.exe
      C:\WINDOWS\SYSTEM32\DrPMon.dll
      C:\WINDOWS\SYSTEM32\DrPMon.dll_tobedeleted
      C:\WINDOWS\SYSTEM32\msdjgk.dll
      C:\WINDOWS\SYSTEM32\mseggo.gif
      C:\WINDOWS\SYSTEM32\msfaol.dll
      C:\WINDOWS\SYSTEM32\mskhhe.dll
      C:\WINDOWS\SYSTEM32\msnimk.gif
      C:\WINDOWS\SYSTEM32\msnkmi.dll
      C:\WINDOWS\SYSTEM32\REGOBJ.DLL
      C:\WINDOWS\SYSTEM32\reset5.dll
      C:\WINDOWS\SYSTEM32\srvany.exe
      C:\Documents and Settings\Benjamin Ness\Application Data\GDIPFONTCACHEV1.DAT
      C:\Documents and Settings\Benjamin Ness\Application Data\Sskknwrd.dll
      c:\windows\system32\rceciv.exe
      C:\WINDOWS\iepl.exe
  • In Killbox click on the File menu and then the Paste from Clipboard item
  • Click the option to Delete on Reboot
  • If not greyed out click the checkbox for Unregister .dll Before Deleting
  • Now click on the red button with a white 'X' in the middle to delete the files
  • Click Yes when it says all files will be deleted on the next reboot
  • Click Yes when it asks if you want to reboot now
  • If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just reboot manually
Your system will reboot now. Reboot into Safe Mode as described in the next step.

Step #4

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #5

Navigate to the folder you unzipped nailfix.zip into and double-click on nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Step #6

Start ewido and do the following:
  • Click on the Scanner button.
  • Click on the Complete System Scan.
  • If anything is found you will be prompted to clean the first infected file found. Choose Clean and put a checkmark in the checkbox for Perform action on all infections and click the Ok button to continue the scan.
  • When the scan is complete close ewido and reboot the computer normally.

Step #7

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [xtdwjbd] c:\windows\system32\akttvd.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [guvneb] c:\windows\system32\dmvhfaf.exe r
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe"/BEFOREINSTALL
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c11.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\system32\mscgdc.dll
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #8

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
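
Added example, not part of the original thread or any poster's code: a small Python triage pass over HijackThis-style lines that flags only entries whose problem is visible in the line itself (an extra program appended to the Winlogon Shell value, a toolbar with no file, Internet Explorer zone changes, a service whose binary is missing). The sample lines are copied from the log in post #1, with the garbled internal name on the NSS service line left out; the function names and rules are assumptions of this example, and BHO, Run and Winlogon Notify entries still need an analyst's judgment as in the reply above.

```python
import re
from collections import namedtuple

# Subset of the HijackThis log posted in this thread. The garbled internal
# service name on the NSS line is left out; everything else is as posted.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Network Security Service (NSS) - Unknown owner - C:\WINDOWS\iepl.exe (file missing)
"""

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "code reason body")

# HijackThis section codes look like R0, F2, O4 or O23, followed by " - ".
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse(log):
    """Split a HijackThis log into (section code, rest of line) entries."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # header lines and the process list do not match and are skipped
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def shell_extras(body):
    """Return what an F2 'Shell=' value carries beyond plain Explorer.exe, else None."""
    m = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
    if not m:
        return None
    value = m.group(1).strip()
    parts = value.split(None, 1)
    if parts and parts[0].lower() == "explorer.exe":
        # Anything after Explorer.exe is started at every logon.
        return parts[1].strip() if len(parts) > 1 else None
    return value or None  # the shell itself was replaced


def triage(entries):
    """Flag entries that are suspicious on structure alone (no reputation data)."""
    findings = []
    for e in entries:
        reason = None
        if e.code == "F2":
            extra = shell_extras(e.body)
            if extra:
                reason = "Winlogon Shell also launches: " + extra
        elif e.code == "O3" and e.body.endswith("(no file)"):
            reason = "toolbar registered but its file is absent"
        elif e.code == "O15":
            reason = "Internet Explorer security-zone mapping was changed"
        elif e.code == "O23" and e.body.endswith("(file missing)"):
            reason = "service points at a binary that is not on disk"
        if reason:
            findings.append(Finding(e.code, reason, e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOG)):
        print(f"{f.code:<4} {f.reason}\n     {f.body}")
```

Every line this flags is one the reply above selects for fixing or removes with its script; the BHO, Run and Winlogon Notify lines are not flagged because nothing in the line itself separates them from legitimate entries.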


#6 shifty35

shifty35
  • Topic Starter


Posted 31 July 2005 - 12:59 AM

Ok, everything went well... only one problem. When running the remsvc.vbs script:

C:\........\remsvc.vbs
Line: 15
Char: 1
Error: Critical Error
Code: 8004100A
Source: SWbemObjectSet

Doesn't seem to be any type of syntax error or the like.




Ewido logfile....


---------------------------------------------------------------------------------


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:38:13 AM, 7/31/2005
+ Report-Checksum: A5B8BFE3

+ Scan result:

HKLM\SOFTWARE\Classes\actsetup.ActSetupObj -> Spyware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj\CLSID -> Spyware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj\CurVer -> Spyware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{026E4B83-1BF7-41CB-8233-4AF35341BC69} -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A7370377-E217-4467-8448-9845270CD4A3} -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{026E4B83-1BF7-41CB-8233-4AF35341BC69} -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj\CLSID -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj\CurVer -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
[928] c:\windows\system32\loowyk.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkoupdjgcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkowgazifq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkowid5oeo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkowocjchp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkycjdpkep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkygncpieq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkygpaziho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkykhd5wap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkykhd5wbo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkyoiczieo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkyokdpogp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkyqiazobo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkysld5ido.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkysldzgco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkysmdpweo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkyuldjsgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjkyuocpagq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjl4ajazcdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjl4cgc5cfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjl4qpdjeko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjl4skazckp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjl4soazaco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjl4ukcpiap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjliajdpibo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjliggdpmcp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlikocpsbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjliohczacp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjliqnczebp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjliqnd5kbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlispajmap.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjliugdjokp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjliwicjofo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjliwldjmgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlocndjceo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlogocjkfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlogpazalp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlokgc5kcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlokicjshq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjloohazwlo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlowod5geq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlyajdpwkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlyclc5oho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlyegdjcep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlygldzido.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlykgajsgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlyskdjceo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlysndjmep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjlywncpkkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmiajczahp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmiqgczkao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmiqldpiao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmisoajaep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyahcjigp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyancpwlo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyclcpskp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmycmdzclo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyehczkdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyehczkko.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyghazmap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyghdjoao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmygmcpcep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmykhczihq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmykjajkeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyogc5iao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyqmcjwho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyqmdjkbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjmyumc5glq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyahdzekp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyajdjedo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnycgdjwlo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyeid5oao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyemcjgap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyenajcao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyepdpoco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyggcjkap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyghazoao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyghdzwgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnygicpslo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnygmczeho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnygmdzmlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyomczeeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnyopdpmbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@e-2dj6wjnywjc5khp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@hotlog[1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@paycounter[2].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@sel.as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@spinbox[1].txt -> Spyware.Cookie.Spinbox : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@web4.realtracker[1].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@www.adengage[1].txt -> Spyware.Cookie.Adengage : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@www.directnetadvertising[1].txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4olc5efoaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiuhczwloqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiwicpmbpwidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkospc5ohqq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkospdzmkqqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyolcpwbogidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkysldpshpaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyumcpifqqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wfliaocjmapqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz2prbmdj6wvny-1sez2pra2dj6wflikkc5ehow2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benjamin Ness\Cookies\benjamin ness@y-1shz

#7 OldTimer

Posted 31 July 2005 - 01:40 AM

Hi shifty35. Can you post a new HijackThis log too please.

Thanks.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#8 shifty35

Posted 31 July 2005 - 09:21 AM

Sorry, I thought I did...


Logfile of HijackThis v1.99.1
Scan saved at 12:57:18 AM, on 7/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\lzlwlr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Benjamin Ness\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe"/BEFOREINSTALL
O4 - HKLM\..\Run: [usatub] c:\windows\system32\lzlwlr.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\nnsvc.exe
O23 - Service: Network Security Service (NSS) (O?rtȲ$) - Unknown owner - C:\WINDOWS\iepl.exe (file missing)

#9 OldTimer

Posted 31 July 2005 - 11:44 AM

Hi shifty35. We still have to get rid of that service and we have 1 other item to fix after that. Let's change the script a bit and try it again. I think that the binary name is what is causing the error.

Open Notepad and Copy/Paste the contents of the quote box below into the new document:

 
' Remove a Windows service, looked up by its display name through WMI.
Const title = "Service Removal Tool"

Set oWS = CreateObject("Wscript.Shell")
' Ask which service to remove; the default is the display name from the HijackThis log.
sService = InputBox("Removing Service:", title, "Network Security Service (NSS)")

' An empty answer (Cancel, or a blank box) stops the script without changes.
If sService = "" Then
    MsgBox "Script halted. No changes were made.", vbInformation, title
    WScript.Quit
End If

' "." is the local computer.
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Match on DisplayName, not on the service key name.
Set colListOfServices = objWMIService.ExecQuery _
    ("Select * from Win32_Service Where displayName = '" & sService & "'")
If colListOfServices.Count > 0 Then
    For Each objService In colListOfServices
        ' Stop the service, wait for it to stop, disable it, then delete it.
        objService.StopService()
        WScript.Sleep 10000
        objService.ChangeStartMode("Disabled")
        WScript.Sleep 2000
        objService.Delete()
        MsgBox "The " & sService & " service has been removed or marked for deletion.", vbInformation, title
    Next
Else
    MsgBox "The " & sService & " service was not found.", vbInformation, title
End If


Save the file to your desktop as remsvc.vbs and close Notepad. Locate the remsvc.vbs file on your desktop and double-click on it to run it. Click the Ok button and wait for a message box saying the service has been removed or marked for deletion.

Let me know if that works.

Cheers.

OT

#10 shifty35

Posted 31 July 2005 - 03:42 PM

I get the same error with this script.

#11 OldTimer

Posted 31 July 2005 - 08:05 PM

Hi shifty35. Ok, then we will have to do this manually.

Use RegLite to delete Services

Download and install Registrar Lite
  • Start RegLite
  • Navigate to the registry key below: (You can copy/paste the bold text into the address bar).
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
  • In the right-hand pane locate the entry for something like this O?rtȲ$ and right-click on it. Choose Delete from the popup menu.
  • Now navigate to:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\
  • In the right-hand pane locate the entry similar to LEGACY_O?rtȲ$ and right-click on it. Choose Delete from the popup menu.
  • If the above Legacy_ isn't visable, look for a LEGACY_ key with a long list of random letters and numbers that is similar. This key will contain the subkey with the bad service name. Right-click on that key and delete it.
  • Repeat the above steps for all other ControlSets (i.e. ControlSet001, ControlSet002 etc).
  • Exit RegLite.

Note: If you have trouble deleting a key, click once on the key name to highlight it and click on the Security menu option and then the Edit Permissions item. Then uncheck Allow inheritable permissions, click on Everyone in the upper box and put a checkmark in Full control in the lower box. Click the Apply button and then the Ok button and attempt to delete the key again.

OK. When you are finished, close RegLite, reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT

#12 shifty35

Posted 31 July 2005 - 08:45 PM

Ok, done. The keys were found in both CurrentControlSet and ControlSet002, but not ControlSet003. To delete the keys where permission was denied, I had to change the folder permissions, go into the folder, delete the contents, then delete the folder.

Here is the current HJT log file. I'm still seeing Aurora pop-ups as well.


-----------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 8:41:56 PM, on 7/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Net Nanny\nnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\tkrywc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Net Nanny\nntray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Benjamin Ness\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe"/BEFOREINSTALL
O4 - HKLM\..\Run: [ywwtia] c:\windows\system32\tkrywc.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\nnsvc.exe

#13 OldTimer

Posted 31 July 2005 - 10:44 PM

Hi shifty35. Yes, the nail infection is back so let's clean it again. Please print these directions and then proceed with the following steps in order.

Step #1

Download nailfix.zip and unzip it to its own folder.

Step #2

Update ewido and then close the program. Do not run a scan yet.

Step #3

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Navigate to the folder you unzipped nailfix.zip into and double-click on nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Step #5

Start ewido and do the following:
  • Click on the Scanner button.
  • Click on the Complete System Scan.
  • If anything is found you will be prompted to clean the first infected file found. Choose Clean and put a checkmark in the checkbox for Perform action on all infections and click the Ok button to continue the scan.
  • When the scan is complete close ewido and reboot the computer normally.

Step #6

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe"/BEFOREINSTALL
O4 - HKLM\..\Run: [ywwtia] c:\windows\system32\tkrywc.exe r
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #7

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Find the following files/folders and delete them (don't worry if they are already gone):

C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe
c:\windows\system32\tkrywc.exe

Step #8

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT

#14 shifty35

Posted 01 August 2005 - 11:36 PM

OK, steps followed to the T. After browsing over here, I can already see Nail is back. Here is the HJT log...




Logfile of HijackThis v1.99.1
Scan saved at 11:33:47 PM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
c:\windows\system32\caxutdr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Net Nanny\nnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Net Nanny\nntray.exe
C:\Documents and Settings\Benjamin Ness\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0715] "C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe"/BEFOREINSTALL
O4 - HKLM\..\Run: [lfygxdv] c:\windows\system32\caxutdr.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\nnsvc.exe
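
Comparing the two scans above shows the Run value from the Step #6 fix list gone and a differently named one in the same folder, with the same argument, in its place. The following is an added example (not part of the original posts or of HijackThis) that checks this mechanically; the function names are hypothetical and the sample lines are excerpted from the 7/31 and 8/1 logs in this thread.

```python
import ntpath
import re

# Added example; helper names are illustrative. Lines excerpted from the
# 7/31 and 8/1 HijackThis scans posted in this thread.
SCAN_0731 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ywwtia] c:\windows\system32\tkrywc.exe r
O15 - Trusted IP range: 206.161.125.149
"""
SCAN_0801 = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [lfygxdv] c:\windows\system32\caxutdr.exe r
"""
# Entries from the Step #6 fix list (the subset present in the excerpts).
FIX_LIST = [
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe",
    r"O4 - HKLM\..\Run: [ywwtia] c:\windows\system32\tkrywc.exe r",
    r"O15 - Trusted IP range: 206.161.125.149",
]

RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=\s*explorer\.exe\s*(.*)$", re.I)

def lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def still_present(scan, fix_list):
    """Fix-list entries that appear unchanged in a later scan."""
    seen = set(lines(scan))
    return [entry for entry in fix_list if entry in seen]

def shell_extras(scan):
    """Anything listed after Explorer.exe in the Shell= value of an F2 line."""
    hits = (SHELL.match(ln) for ln in lines(scan))
    return [m.group(1) for m in hits if m and m.group(1)]

def run_entries(scan):
    """Map (hive, value name) -> command for each O4 Run line."""
    hits = (RUN.match(ln) for ln in lines(scan))
    return {(m.group(1), m.group(2)): m.group(3) for m in hits if m}

def split_cmd(cmd):
    """Return (folder, file name, arguments) lower-cased, or None if no .exe path is found."""
    m = re.match(r'^"([^"]+)"\s*(.*)$', cmd) or re.match(r"^(.+?\.exe)\b\s*(.*)$", cmd, re.I)
    if not m:
        return None
    folder, name = ntpath.split(m.group(1).lower())
    return folder, name, m.group(2).lower()

def respawned(before, after):
    """Pair Run values that vanished with new ones in the same hive, folder and arguments."""
    old, new = run_entries(before), run_entries(after)
    gone = {k: split_cmd(v) for k, v in old.items() if k not in new}
    fresh = {k: split_cmd(v) for k, v in new.items() if k not in old}
    pairs = []
    for (hive, name_g), g in gone.items():
        for (hive_f, name_f), f in fresh.items():
            if g and f and hive == hive_f and g[0] and (g[0], g[2]) == (f[0], f[2]):
                pairs.append((name_g, g[1], name_f, f[1]))
    return sorted(pairs)

if __name__ == "__main__":
    print(still_present(SCAN_0801, FIX_LIST), shell_extras(SCAN_0801), respawned(SCAN_0731, SCAN_0801))
```

The SunJavaUpdateSched entry keeps its value name across both scans, so the changed JRE path is not reported as a respawn.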

#15 OldTimer

Posted 02 August 2005 - 09:18 AM

Hi shifty35. Let's check and see if the file is really there or if it's only the entry for it. Download the latest version of WinPFind from the link below and run a new scan with that.

Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here so I can review it.

OT