Thanks for replying. Unfortunately my reply back to you was too long. Technology :smileymad:
I ran a scan using Ewido before I got your reply. It took forever. It was so slow I aborted it after 50%. I then did what you suggested and ran Nailfix in safe mode. That was scary !! After running nailfix I restarted the PC because I didn't read your reply correctly .....sorry :smileywink: I ran the Ewido and Hijack program again and will paste them.
Please tell me my PC is ok now and what I can do to stop this happening again.
Thanks
Mags
Here's the hijack log
Logfile of HijackThis v1.99.1
Scan saved at 01:36:17, on 05/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\Documents and Settings\Mags\Local Settings\Temp\ICD7.tmp\games.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Mags\Start Menu\Programs\Startup\DLHelperEXE.exe -> Spyware.Thumper -> Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\6ABEAA47-08F4-4C61-925F-EA1A24\96228CFA-2919-487F-98B8-80E51B -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AE4E492B-DFDA-4545-BAC6-35B33F\9ACD4E12-90BE-46F4-A88B-D1BC80 -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe -> Spyware.Broadcap.b -> Cleaned with backup
Here's the first part of the Ewido log. It's telling me I can only post 20000 characters so I'll have to do it in stages.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 00:24:33, 05/06/2005
+ Report-Checksum: 3A4E77B7
+ Date of database: 04/06/2005
+ Version of scan engine: v3.0
+ Duration: 80 min
+ Scanned Files: 61248
+ Speed: 12.64 Files/Second
+ Infected files: 146
+ Removed files: 145
+ Files put in quarantine: 145
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
C:\
Please look at your Ewido scan results. If the results show that all the files that were found were cleaned, that's all we want. You can delete the quarantined files if this is the case.
Now run the Nail fix one more time; please note that it is to be done in Safe Mode, not Normal Mode.
After that just repost the new log and we will take it from there.
Here's what I forgot to paste in my last reply.......it's late!!
+ Created on: 00:24:33, 05/06/2005
+ Report-Checksum: 3A4E77B7
+ Date of database: 04/06/2005
+ Version of scan engine: v3.0
+ Duration: 80 min
+ Scanned Files: 61248
+ Speed: 12.64 Files/Second
+ Infected files: 146
+ Removed files: 145
+ Files put in quarantine: 145
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1
There's always one awkward file.......:smileysurprised:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 17:56:34, 05/06/2005
+ Report-Checksum: 4A718D7C
+ Date of database: 05/06/2005
+ Version of scan engine: v3.0
+ Duration: 37 min
+ Scanned Files: 85032
+ Speed: 37.36 Files/Second
+ Infected files: 9
+ Removed files: 9
+ Files put in quarantine: 9
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
So is it safe to presume that the previously uncleaned file has now been cleaned?
Logfile of HijackThis v1.99.1
Scan saved at 18:03:23, on 05/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
zbestwun2001
3 Apprentice, 8.8K Posts
June 4th, 2005 20:00
No, sorry to say the log is infected but let's clean it!
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Please download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to the desktop but please do NOT run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml
Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and
icons will disappear and reappear, and a window should open and close
very quickly --- this is normal.
Then please run Ewido, and run a full scan. Save the logfile from the scan.
Next please run HijackThis, click Scan, and check:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
Close all open windows except for HijackThis and click Fix Checked.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
Steve
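The two checks this procedure relies on, as an added example that is not part of the original thread: it reads a HijackThis log for an F2 shell line that launches anything besides Explorer.exe, and reads Ewido result lines for entries that were not cleaned. The function names are hypothetical, and the sample logs are assembled from lines quoted in this thread.

```python
from __future__ import annotations

import re

# HijackThis reports the Winlogon shell as an F2 line. A clean Windows XP
# system shows only "Explorer.exe"; anything after it also starts at logon.
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$", re.IGNORECASE)
EXPECTED_SHELL = "explorer.exe"

# Sample input assembled from lines quoted in this thread.
HJT_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donny.com/forum
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
"""

HJT_AFTER = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
"""

EWIDO_SAMPLE = r"""
+ Infected files: 146
+ Files that could not be cleaned: 1
C:\Documents and Settings\Mags\Local Settings\Temp\ICD7.tmp\games.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Mags\Start Menu\Programs\Startup\DLHelperEXE.exe -> Spyware.Thumper -> Error during cleaning
C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe -> Spyware.Broadcap.b -> Cleaned with backup
"""


def extra_shell_programs(hijackthis_log: str) -> list[str]:
    """Return whatever the F2 shell line launches in addition to Explorer.exe."""
    findings = []
    for line in hijackthis_log.splitlines():
        match = F2_SHELL.match(line.strip())
        if not match:
            continue
        value = match.group("value").strip()
        # Drop the legitimate shell and keep the remainder, if any.
        if value.lower().startswith(EXPECTED_SHELL):
            value = value[len(EXPECTED_SHELL):].lstrip(" ,")
        if value:
            findings.append(value)
    return findings


def uncleaned_entries(ewido_log: str) -> list[tuple[str, str, str]]:
    """Return (path, detection, status) for results whose status is not 'Cleaned ...'."""
    pending = []
    for line in ewido_log.splitlines():
        # Result lines read "<path> -> <detection> -> <status>"; split from the
        # right so the path is kept whole.
        parts = line.strip().rsplit(" -> ", 2)
        if len(parts) != 3:
            continue  # header lines such as "+ Infected files: 146"
        path, detection, status = parts
        if not status.lower().startswith("cleaned"):
            pending.append((path, detection, status))
    return pending


if __name__ == "__main__":
    for label, log in (("before fix", HJT_BEFORE), ("after fix", HJT_AFTER)):
        extras = extra_shell_programs(log)
        print(f"{label}: extra shell programs = {extras or 'none'}")
    for path, detection, status in uncleaned_entries(EWIDO_SAMPLE):
        print(f"still present: {detection} at {path} ({status})")
```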
mags123
51 Posts
June 4th, 2005 20:00
Hi Steve
Thanks for replying.
I've been testing with McAfee and there was a file called nail.exe found in C:\WINDOWS. I think I deleted it because it's not there any more....or is it hiding??
Do I still need to proceed as per your instructions? I don't know.......sorry!!
I also have Microsoft Anti Spyware (Beta1) and it keeps detecting the following:
Transponder ABetterInternet.Aurora (spyware) C:\WINDOWS\svcproc.exe
and
Transponder ABetterInternet.DrPMon (spyware) C:\WINDOWS\SYSTEM32\DrPMon.dll
I remove these but when I scan again they are back. I'm so confused !!
The moral of my tale of woe is never allow your kids on the PC !!
Thanks again
Mags
zbestwun2001
3 Apprentice, 8.8K Posts
June 4th, 2005 21:00
Please post a fresh log.
Steve
mags123
51 Posts
June 5th, 2005 00:00
Here's the final one
Many thanks again
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 01:31:15, 05/06/2005
+ Report-Checksum: E63BEB0B
+ Date of database: 04/06/2005
+ Version of scan engine: v3.0
+ Duration: 41 min
+ Scanned Files: 82966
+ Speed: 33.43 Files/Second
+ Infected files: 11
+ Removed files: 11
+ Files put in quarantine: 11
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250\A0118025.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250\A0118040.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP258\A0121203.dll -> Spyware.WinAD.u -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP258\A0121205.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP258\A0121208.dll -> Spyware.Relevance.b -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP258\A0121209.dll -> Spyware.Relevance -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP261\A0122211.exe -> Spyware.Thumper -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP261\A0122212.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP261\A0122216.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\dlhelper.dll -> Spyware.Thumper -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\installer_VENDARE.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
::Report End
mags123
51 Posts
June 5th, 2005 00:00
Scan saved at 01:36:17, on 05/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donny.com/forum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donny.com/forum
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/117dde5789cda078e815/netzip/RdxIE601.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/belrio-ww/ie3/belrio2.cab?fgiocv=1
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/stx/install.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter: text/html - {2D8F259E-D8B8-48FB-8143-B1BC34CB3520} - C:\Documents and Settings\Mags\Local Settings\Application Data\microsoft\internet explorer\V0.28.dat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
mags123
51 Posts
0
June 5th, 2005 00:00
C:\Documents and Settings\Mags\Cookies\mags@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@gmg.valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@handbag[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@handbag[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@image.masterstats[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@internetfuel[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@katu.adbureau[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@kentonline[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@linksynergy[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@link[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@LPplayersonly[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@mediamgr.ugo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@myway[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@mywebsearch[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@orbitz.rpts[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@overture[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@perf.overture[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@phg.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@pub10.bravenet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@pub27.bravenet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@realguide.real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@S119674[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@S130376[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@S131596[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@S144839[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@S148884[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@S149247[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@S151261[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@server.iad.liveperson[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@servlet[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@show[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@statse.webtrendslive[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@targetnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@tmpad[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@travelinn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@twci.coremetrics[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@web4.realtracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@whitbread[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@www.cheatserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@www.clickedyclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@www.myaffiliateprogram[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@www.shopathomeselect[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@www.star-adserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@xiti[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@z1.adserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@zedo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Local Settings\Temp\ICD7.tmp\games.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Mags\Start Menu\Programs\Startup\DLHelperEXE.exe -> Spyware.Thumper -> Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\6ABEAA47-08F4-4C61-925F-EA1A24\96228CFA-2919-487F-98B8-80E51B -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AE4E492B-DFDA-4545-BAC6-35B33F\9ACD4E12-90BE-46F4-A88B-D1BC80 -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe -> Spyware.Broadcap.b -> Cleaned with backup
::Report End
mags123
51 Posts
0
June 5th, 2005 00:00
Here's the first part of the Ewido log. It's telling me I can only post 20000 characters so I'll have to do it in stages.
--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 00:24:33, 05/06/2005
+ Report-Checksum: 3A4E77B7
+ Date of database: 04/06/2005
+ Version of scan engine: v3.0
+ Duration: 80 min
+ Scanned Files: 61248
+ Speed: 12.64 Files/Second
+ Infected files: 146
+ Removed files: 145
+ Files put in quarantine: 145
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
C:\
+ Scan result:
C:\Documents and Settings\Mags\Cookies\mags@12845347[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@21971720[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@247realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@35487201[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@47780556[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@65048759[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@67054488[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@691135[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@7search[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@83651936[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@a.as-us.falkag[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@a.websponsors[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@adopt.hotbar[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ads.adsag[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ads.as4x.tmcs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ads.belointeractive[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ads.guardian.co[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ads.x10[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ads18.bpath[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@adserver.akqa[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@adserver.trb[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@adsremote.scripps[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@adv.webmd[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@adverts.digitalspy.co[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@as1.falkag[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@a[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@bfast[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@bravenet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@c1.zedo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@cgi-bin[4].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@cgi-bin:emotion-14:.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@cgi-bin[7].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@comet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@commission-junction[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@counter.hitslink[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@counter2.hitslink[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@data.coremetrics[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@dcskqeg2voifwznnd6alhtnei_8f3u[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@dcstlz8g1rljwp0s664z2hxwp_8u8x[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@diy[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-aarp.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-aha.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-apcs.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-bestbuy.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-bizjournals.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-bskyb.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-capitalgroup.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-cbs.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-dexmediainc.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-dig.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-elisabeth.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-guardian.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-holidaybreak.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-idg.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-kodak.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-ladbrokes.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-legonewyorkinc.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-logantod.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-mtv.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-newsinternational.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-pharmacia.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-tfl.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-theviptour.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-tickleinc.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-twi.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-unistudios.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-viacom.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg-warnerbrothers.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@ehg.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@etype.adbureau[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@exitfuel[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@falconsouth[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Mags\Cookies\mags@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
mags123
51 Posts
0
June 5th, 2005 00:00
Hi Steve
I did run the nail fix in safe mode. It ran in a millisecond and disappeared off the screen. Does that seem ok?
With regard to the Ewido scan results - one file wasn't cleaned before I ran nailfix. How do I find out if it was cleaned on the second scan?
Should I do another ewido scan or do the whole procedure tomorrow?
Thanks for your patience
Mags
zbestwun2001
3 Apprentice
•
8.8K Posts
0
June 5th, 2005 00:00
We just have to do it one more time.
Please look at your Ewido scan results. If the results show that all the files that were found were cleaned, that's all we want. You can delete the quarantined files if this is the case.
Now run the Nail fix one more time; please note that it is to be done in Safe Mode, not Normal Mode.
After that just repost the new log and we will take it from there.
Steve
mags123
51 Posts
0
June 5th, 2005 01:00
+ Report-Checksum: 3A4E77B7
+ Version of scan engine: v3.0
+ Scanned Files: 61248
+ Speed: 12.64 Files/Second
+ Infected files: 146
+ Removed files: 145
+ Files put in quarantine: 145
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1
zbestwun2001
3 Apprentice
•
8.8K Posts
0
June 5th, 2005 01:00
Yes, if we have one uncleaned file let's do that tomorrow; it needs to go one way or the other.
If Ewido doesn't do it we will do it another way but I think Ewido should do it.
Tomorrow is fine by me, I'll be on and off all day long.
Steve
Message Edited by zbestwun2001 on 06-04-2005 07:06 PM
zbestwun2001
3 Apprentice
•
8.8K Posts
0
June 5th, 2005 03:00
Locate it and tell me its name and location.
Steve
zbestwun2001
3 Apprentice
•
8.8K Posts
0
June 5th, 2005 16:00
So let's do a MWAV scan and see if it finds a bad explorer.exe file.
>~~~ MWAV
Steve
mags123
51 Posts
0
June 5th, 2005 16:00
Here's the latest report from Ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 17:56:34, 05/06/2005
+ Report-Checksum: 4A718D7C
+ Date of database: 05/06/2005
+ Version of scan engine: v3.0
+ Duration: 37 min
+ Scanned Files: 85032
+ Speed: 37.36 Files/Second
+ Infected files: 9
+ Removed files: 9
+ Files put in quarantine: 9
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
So is it safe to presume that the previously uncleaned file has now been cleaned?
Thanks for all your help.
Mags
mags123
51 Posts
0
June 5th, 2005 16:00
Hi again
Here's the latest logfile from Hijack program
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 18:03:23, on 05/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donny.com/forum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donny.com/forum
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/117dde5789cda078e815/netzip/RdxIE601.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/belrio-ww/ie3/belrio2.cab?fgiocv=1
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/stx/install.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter: text/html - {2D8F259E-D8B8-48FB-8143-B1BC34CB3520} - C:\Documents and Settings\Mags\Local Settings\Application Data\microsoft\internet explorer\V0.28.dat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe