Having problem getting rid of this nasty pop type trojan. Have used Spybot, Windows defender, Mcaffee, CA Associates, Norton, CCcleaner,and spyware nuker to no avail, any help would be greatly appreciated. Thanks in Advance. Logfile of HijackThis v1.99.1 Scan saved at 1:11:19 AM, on 5/6/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\hphmon04.exe C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Sony Handheld\HOTSYNC.EXE C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\Spyware Nuker\swnxt.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\mcafee.com\agent\McDash.exe c:\program files\mcafee.com\shared\mghtml.exe c:\program files\internet explorer\iexplore.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {BA111783-2BF6-4295-8525-8D2246B41E50} - C:\Program Files\ComPlus Applications\salefoqa.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = D:\Program Files\Scrapbook Designer\scrapremind.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104467551780 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139094160562 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: CAISafe - Unknown owner - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: PowerAlert Port Manager Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\portmgr.exe O23 - Service: PowerAlert UPS Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe (file missing)
Ok, you got some something that needs cleaning... Cleaning instructions: Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download We'll use it later. Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R3 - Default URLSearchHook is missing O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab Then we'll take these Norton and eTrust EZ Antivirus leftovers off: Open Notepad -> copy the following lines into a new document: @echo off sc stop Symantec Core LC sc delete Symantec Core LC sc stop VETMSGNT sc delete VETMSGNT sc stop CAISafe sc delete CAISafe Save the document to your desktop as Removal.bat and filetype: All Files Go to your desktop and run the file Removal.bat and answer yes to any questions. Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html Scan and clean your computer with Ewido and save the log file. Go to here -> http://www.virustotal.com -> Press Browse -> Navigate to this file: C:\Program Files\ComPlus Applications\salefoqa.dll -> Press Ok -> Press Send -> Wait for the scan results -> Post the results to your next reply Do you know the location of that Wallpap.exe file? What version of Spyware Nuker are you using? Post the following logs to here: -> fresh HijackThis log -> Ewido's log -> Results from the virustotal scan
Hijack This log Logfile of HijackThis v1.99.1 Scan saved at 9:33:23 AM, on 5/6/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTsvcCDA.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\hphmon04.exe C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe C:\WINDOWS\System32\ups.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Spyware Nuker\swnxt.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Sony Handheld\HOTSYNC.EXE C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {BA111783-2BF6-4295-8525-8D2246B41E50} - C:\Program Files\ComPlus Applications\salefoqa.dll (file missing) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = D:\Program Files\Scrapbook Designer\scrapremind.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104467551780 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139094160562 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: PowerAlert Port Manager Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\portmgr.exe O23 - Service: PowerAlert UPS Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 9:30:24 AM, 5/6/2006 + Report-Checksum: 81A34EC4 + Scan result: :mozilla.6:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.7:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.8:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.9:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.10:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.11:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.12:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.27:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.28:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup :mozilla.83:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup :mozilla.105:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.152:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.263:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.264:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.276:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.287:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.288:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.289:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.290:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.291:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.292:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.293:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned with backup :mozilla.298:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup :mozilla.299:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup :mozilla.300:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup :mozilla.317:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.318:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.319:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.371:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.372:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.373:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.374:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.375:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.376:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.377:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.378:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.379:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.409:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup :mozilla.410:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup :mozilla.412:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.413:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.414:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.415:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.416:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.417:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.460:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.461:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.464:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.476:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.496:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup :mozilla.499:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup :mozilla.500:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.501:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.587:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.588:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.589:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.590:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.591:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.592:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.593:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.594:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.595:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.596:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.597:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.598:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Directnetadvertising : Cleaned with backup :mozilla.851:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.852:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.853:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.854:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.855:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.856:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.857:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.858:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.859:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.860:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.861:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.862:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.869:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.870:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.871:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\93s3kqm5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@ads.euniverseads[2].txt -> TrackingCookie.Euniverseads : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@bookspan.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfk4kkcjmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfkighdjkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfkokicjcbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfkoqgdjedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfkyendpsfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfkygmazolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfl4agc5eko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfliagajgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wflikidzggq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wflosidzcgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfmicpazccp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wfmyqkajmeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wgkogocpcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjk4cgazckq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjk4eicjado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjk4spcjefq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkocmdjigq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkoeidpoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkookczcfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkoonajkdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkoqidpccp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkoqndpcbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkyaocjwep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkyendzcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkykpajcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkyokdjihq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkyoldpmko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkyugdjclp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjkyuhdpihp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjl4gmdjgdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjl4knczglq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjl4uocziao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjliaid5wdq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjlikicjwap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjliomdjalq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjliqidpsfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjlishazicq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjlisid5sko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjliwgd5okq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjloggd5ago.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjloghdjocq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjloohd5idp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjloqod5wep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjlospdpeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjmyugdjseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjny-1mczig.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjnyaodpoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjnycgazabq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjnyegdjobp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjnyshajogo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjnyuic5wbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjnyukcjklq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@e-2dj6wjnywnajwlo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@euniverseads[2].txt -> TrackingCookie.Euniverseads : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@harpo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@iqtv.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@prizeamerica.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@saksfifthavenue.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@sel.as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@www.directnetadvertising[2].txt -> TrackingCookie.Directnetadvertising : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@-1shz2prbmdj6wvny-1sez2pra2dj6wjnyegczedpa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@com[1].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@www.directnetadvertising[2].txt -> TrackingCookie.Directnetadvertising : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@www.res99[1].txt -> TrackingCookie.Res99 : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkykjdzadqa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4cidjgepq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkykicpodpqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkykncpmkpawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloancpmepaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCGB@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlowlazmaqa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.8:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\pkf6ljt1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.9:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\pkf6ljt1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.18:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\pkf6ljt1.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup :mozilla.19:C:\Documents and Settings\NCG\Application Data\Mozilla\Firefox\Profiles\pkf6ljt1.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup C:\Documents and Settings\NCG\Cookies\NCG@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\NCG\Desktop\Junk\anydvd5.5.5.1.exe -> Downloader.VB.ts : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\NCG\Local Settings\Temp\Cookies\NCG@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Program Files\ComPlus Applications\__delete_on_reboot__salefoqa.dll -> Downloader.Small.ctp : Cleaned with backup C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup Complete scanning result of "salefoqa", received in VirusTotal at 05.06.2006, 15:40:30 (CET). Antivirus Version Update Result AntiVir 6.34.0.24 04.20.2006 no virus found Avast 4.6.695.0 05.05.2006 no virus found AVG 386 05.05.2006 no virus found Avira 6.34.1.58 05.06.2006 no virus found BitDefender 7.2 05.06.2006 no virus found CAT-QuickHeal 8.00 05.05.2006 no virus found ClamAV devel-20060426 05.05.2006 no virus found DrWeb 4.33 05.06.2006 no virus found eTrust-InoculateIT 23.72.1 05.06.2006 no virus found eTrust-Vet 12.4.2194 05.04.2006 no virus found Ewido 3.5 05.06.2006 no virus found Fortinet 2.71.0.0 05.06.2006 no virus found F-Prot 3.16c 05.05.2006 no virus found Ikarus 0.2.65.0 05.05.2006 no virus found Kaspersky 4.0.2.24 05.06.2006 no virus found McAfee 4756 05.05.2006 no virus found Microsoft 1.1372 05.06.2006 no virus found NOD32v2 1.1523 05.05.2006 no virus found Norman 5.90.17 05.05.2006 no virus found Panda 9.0.0.4 05.06.2006 no virus found Sophos 4.05.0 05.06.2006 no virus found Symantec 8.0 05.06.2006 no virus found TheHacker 5.9.7.139 05.05.2006 no virus found UNA 1.83 05.05.2006 no virus found VBA32 3.11.0 05.06.2006 no virus found Aditional Information File size: 377 bytes MD5: 90b096d7587c98c6648318ced69c590b SHA1: a643553182809d636e557e9539e89e5f7f8cb62a ::Report End Here is what I have found so far, again thanks for the help, it is very much appreciated. WallPap.exe was in temp internet files.
@JaPK Thanks! Problem completely solved. Which Spyware program do you recommend to keep these things from coming back?
Ok good, just a few leftovers remaining.... Fix this entry with HijackThis: O2 - BHO: (no name) - {BA111783-2BF6-4295-8525-8D2246B41E50} - C:\Program Files\ComPlus Applications\salefoqa.dll (file missing) Open Notepad -> copy the following lines into a new document: @echo off sc stop Symantec Core LC sc delete Symantec Core LC Save the document to your desktop as Removal.bat and filetype: All Files Go to your desktop and run the file Removal.bat and answer yes to any questions. Post a one more HjT log. Then here is some info about Spyware Nuker (it might not be trusted) -> http://www.spywarewarrior.com/rogue_anti-spyware.htm And here is a good article by Tony Clein,"So how did I get infected in the first place?" -> http://castlecops.com/postlite7736-.html
Spyware nuker removed, symantec now gone for good I hope, Hijack This log as follows Logfile of HijackThis v1.99.1 Scan saved at 5:31:47 PM, on 5/6/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTsvcCDA.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\hphmon04.exe C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe C:\WINDOWS\System32\ups.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Sony Handheld\HOTSYNC.EXE C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Ron Crosier\Desktop\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = D:\Program Files\Scrapbook Designer\scrapremind.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104467551780 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139094160562 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: PowerAlert Port Manager Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\portmgr.exe O23 - Service: PowerAlert UPS Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) going to run Ccleaner next to remove any leftover issues.
That Norton service doesn't want to go away... Fix this entry with HijackThis: O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) Then on the downright corner in HijackThis press Config ->Misc Tools ->Delete NT service ->Copy this: Symantec Core LC and paste it to the field ->Press OK Did you get any error message when you tried to clean it with the .bat file earlier? Post a new HjT log to here.
To tell the truth, the removal.bat flashed on the screen too quickly to follow. HJT seems to have killed it once and for all. The spyware has been removed and I am so grateful for your help. Logfile of HijackThis v1.99.1 Scan saved at 12:43:02 AM, on 5/7/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\hphmon04.exe C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\ups.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Sony Handheld\HOTSYNC.EXE C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Messenger\msmsgs.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Documents and Settings\Ron Crosier\Desktop\ICONS\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = D:\Program Files\Scrapbook Designer\scrapremind.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104467551780 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139094160562 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: PowerAlert Port Manager Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\portmgr.exe O23 - Service: PowerAlert UPS Engine - Unknown owner - C:\Program Files\Tripp Lite\PowerAlert\Engine\paserver.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
