Spyware Problem - Need Help w/ HJT

h0tb0y2k1 · Oct 16, 2006

Hello,
I've got a similar problem as discussed here:
http://forums.afterdawn.com/thread_view.cfm/405725#2462347
I need some help in getting rid of it. I have HJT downloaded, but am complete new to using it and could use a little assistance. If someone can take me through what I need to do, it would be greatly appreciated.

I can do it in chunks (i.e. when I stop in and out of the house) or if someone would prefer, I can start at 5pm CST (or anytime after) any weekday (except Wednesday 10/18) and take care of it all in one pop. If you can help me out, let me know what will work b est for you.

Niobis · Oct 17, 2006

Post your HijackThis log.

h0tb0y2k1 · Oct 17, 2006

Niobis,
Thank you. I am not at home tonight, but will post tomorrow night(Wednesday). Is it ok to do this with on and off posts, or do you want to set a time to get it all taken care of in one crack?

Niobis · Oct 17, 2006

It doesn't matter. Just post when you can, as will I.

h0tb0y2k1 · Oct 18, 2006

Here's my log. I have an external hard drive w/ only music & pictures from my digital on it. As soon as I knew something was messed up on my computer, I unplugged it. This log is with the drive disconnected, let me know if I need to connect it and re-scan. I'll be back at my computer this evening. THanks again.

Logfile of HijackThis v1.99.1
Scan saved at 5:26:26 PM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\MMediaCodec\isamonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MMediaCodec\isamini.exe
C:\Program Files\EVGA ResChanger 2005\ResChanger2005.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BENPFI~1\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onlineregister.com/viewsonic
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\MMediaCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\EVGA ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

Niobis · Oct 18, 2006

No, you don't need to have the external drive plugged in.

Download SmitfraudFix.zip to the desktop from here.
* Extract the files to the desktop. Do not run yet, will in safe mode.

Download AVGAnti-spyware from here.
* Install AVGAS and update. Do not run yet, will in safe mode.

[bold]Note[/bold]: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't acces the internet.

* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Open the SmitfraudFix folder.
* Double-click smitfraudfix.cmd
* Select 2 and hit Enter to delete infect files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt.
* Exit SmitfraudFix.

* Open AVG AS and click "Scanner".
* Click "Complete System Scan".
* When it finishes scanning, set all items to "Quarantine".
* Click "Apply All Actions".
* Click "Save Report".
* Click "Save report as" and save it to the desktop.

Restart in normal mode.
HijackThis is running from a temp folder.
C:\DOCUME~1\BENPFI~1\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe
Move HijackThis.exe to it's own folder.
Run a new scan and post back with the new log, the contents of rapport.txt and the AVGAS report.

h0tb0y2k1 · Oct 18, 2006

Niobis,
I've done your instructions, but am confused by the last portion. Mainly, this:

HijackThis is running from a temp folder.
C:\DOCUME~1\BENPFI~1\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe
Move HijackThis.exe to it's own folder.
Run a new scan and post back with the new log, the contents of rapport.txt and the AVGAS report.

As much as I don't want to be considered 'newbie' (as I know what this means), I'm afraid on this board, that's exactly what I am. I know basics about my PC, so any brief explanation should help me out in completing this task.

Niobis · Oct 19, 2006

Means your HijackThis is in a temp folder. When you fix something with HijackThis a backup is made in case you need to restore it for some reason.
In your case, HijackThis is located here: C:\DOCUME~1\BENPFI~1\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe

This is becasue you didn't extract the file from the zip folder before running it. Copy/paste this into the address bar of Windows Explorer.
C:\DOCUME~1\BENPFI~1\LOCALS~1\Temp\Rar$EX00.922
Create a new folder in C:\ named HjT and move HijackThis.exe there.

Run a new scan and post the new log along with the others requested.

If for some reason HijackThis isn't there uninstall it via Add/Remove Programs and download it again. Extract it to the new folder.

h0tb0y2k1 · Oct 20, 2006

Niobis,
When I get to this point, I can't select all items to quarantine. Only one of the items gave the option, the rest said 'delete'.
Any thoughts?

* Open AVG AS and click "Scanner".
* Click "Complete System Scan".
* When it finishes scanning, set all items to "Quarantine".

h0tb0y2k1 · Oct 20, 2006

Also - When I do get past this point, do I run HJT from my C: (where you had me move it)?

Niobis · Oct 20, 2006

Quarantine or delete, doesn't matter.

Yes, run HijackThis from the permanent folder.

h0tb0y2k1 · Oct 20, 2006

SmitFraudFix v2.110

Scan done at 13:31:51.39, Fri 10/20/2006
Run from C:\Documents and Settings\Ben Pfiffner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:59:30 PM 10/20/2006

+ Scan result:

HKU\S-1-5-21-1220945662-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1220945662-776561741-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP101\A0004608.dll -> Adware.ProtectionBar : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc57\VirusBurster.exe -> Adware.VirusBurster : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP100\A0004582.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP100\A0004583.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP101\A0004607.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP103\A0004630.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP103\A0004631.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP103\A0004632.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP104\A0004662.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP107\A0004836.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP107\A0004837.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP108\A0004850.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP108\A0004851.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP108\A0004852.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP108\A0004854.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP108\A0004856.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP94\A0004471.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP94\A0004472.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP94\A0004473.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP94\A0004491.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP94\A0004492.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP94\A0004493.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP94\A0004502.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP94\A0004503.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP94\A0004504.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP95\A0004515.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP95\A0004516.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP95\A0004517.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP99\A0004566.dll -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP99\A0004567.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP99\A0004568.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP100\A0004574.exe -> Not-A-Virus.Hoax.Win32.Renos.dy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP100\A0004581.exe -> Not-A-Virus.Hoax.Win32.Renos.dy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP101\A0004588.exe -> Not-A-Virus.Hoax.Win32.Renos.dy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP103\A0004618.exe -> Not-A-Virus.Hoax.Win32.Renos.dy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP104\A0004663.exe -> Not-A-Virus.Hoax.Win32.Renos.dy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4F31F2FC-EDBC-4325-9625-13AE5C14F012}\RP108\A0004853.exe -> Not-A-Virus.Hoax.Win32.Renos.ev : Cleaned with backup (quarantined).
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc68.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@leeenterprises.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@leeenterprises.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc147.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc160.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc308.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc322.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc343.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc362.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc386.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc61.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc87.txt -> TrackingCookie.Adbrite : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc98.txt -> TrackingCookie.Addynamix : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc369.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc95.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc516.txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc104.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc106.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc128.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc138.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc141.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc154.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc472.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc144.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc146.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc83.txt -> TrackingCookie.Clickhype : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc163.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc429.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc169.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc191.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc194.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc195.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc196.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc197.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc198.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc199.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc200.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc201.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc202.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc203.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc204.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc205.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc206.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc207.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc208.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc209.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc210.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc211.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc212.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc213.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc214.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc215.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc216.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc217.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc218.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc219.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc220.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc221.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc222.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc223.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc224.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc225.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc226.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc227.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc228.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc229.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc230.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc231.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc232.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc233.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc234.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc235.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc236.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc237.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc238.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc239.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc240.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc241.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc242.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc243.txt -> TrackingCookie.Esomniture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc91.txt -> TrackingCookie.Euroclick : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc121.txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc127.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc258.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc249.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc250.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc251.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc252.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc253.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc274.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc167.txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc314.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc396.txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc339.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc100.txt -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc353.txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc355.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc398.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc363.txt -> TrackingCookie.Revenue : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc96.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc248.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc143.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc381.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc171.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc93.txt -> TrackingCookie.Specificclick : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc397.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc116.txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc409.txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc423.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc424.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc425.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc359.txt -> TrackingCookie.Valuead : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc434.txt -> TrackingCookie.Valueclick : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc400.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Cookies\ben pfiffner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc514.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc84.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Ben Pfiffner\Local Settings\Temp\Cookies\ben pfiffner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\S-1-5-21-1220945662-776561741-725345543-1004\Dc519.txt -> TrackingCookie.Zedo : Cleaned.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 3:08:31 PM, on 10/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\EVGA ResChanger 2005\ResChanger2005.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onlineregister.com/viewsonic
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\EVGA ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

Niobis · Oct 20, 2006

Go to Add/Remove Programs and uninstall(if you didn't install):
[bold]ViewPoint Manager[/bold]

Go here and download [bold]CCleaner[/bold].

Close all windows and install CCleaner.
Open CCleaner.
Click Options > Advance > uncheck "Only delete files in Windows Temp folders older than 48 hours".
Click Cleaner > Run Cleaner.
Close CCleaner.

Turn off System Restore.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".

If your still having problems, let me know.

If no more problems or symptoms, restart your computer and turn system restore back on. This will create a new, clean restore point.

h0tb0y2k1 · Oct 20, 2006

Niobis,
All seems to be fine. I've got a couple quick questions.

When I removed ViewPoint Manager, I notice there is a program called Viewpoint Media Player. It has the Windows icon similar to Media Player. Is this program ok?

I have a file on my desktop called .dmp that was created around the time I was doing the final scans (from my last post). Is this ok to delete?

I still have System Restore turned off and will keep it like that until I hear back.

Thanks,
Ben

Niobis · Oct 20, 2006

ViewPoint Manager is not bad persay. It is sometimes installed without the users permission. This is the reason it is asked to be uninstalled. If you did [bold]not[/bold] install Viewpoint Media Player then uninstall it. Most likey ViewPoint Manager came with the player, where ever it came from.

.dmp on the desktop is ok to delete. It is a memory dump file. Not sure where it came from, maybe SmitfraudFix since nothing was shown deleted in the log you posted.

Also, I forgot to mention to remove the quarantined items in AVGAS.
Open AVGAS > click Infections > select all entires > click Remove finally.

h0tb0y2k1 · Nov 21, 2006

Niobis,
Since working with you, everything seems to be fine. Just wanted to hop on and say 'THANK YOU' for all the help!!! It was greatly appreciated and I'm not sure what I would have done had I not come across this site.

Niobis · Nov 21, 2006

Well, thank you much for the 1 month update. Good to hear everything is running smooth. Just stay away from those fake codecs and you'll be fine.

Log in or Sign up

Spyware Problem - Need Help w/ HJT

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

Share This Page

Log in or Sign up

Spyware Problem - Need Help w/ HJT

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

h0tb0y2k1 Member

Niobis Active member

Share This Page

Useful Searches