Trojan nordom@o2.pl Distributed.net Client
-
Trojan nordom@o2.pl Distributed.net Client
Hi,
Spy Sweeper has picked up the Trojan nordom@o2.pl Distributed.net Client on my system.
It picks up the following: 2o7.net Cookie which it will delete.
It also picks up the following: Trojan nordom@o2.pl's Distributed.net Client which show a path to a folder c:\windows\system32\iosdt
It will not delete the folder due to files in it and it recommends to delete it manually. When I look for the folder, I can't find it.
I did a search for it as well as a registry search for IOSDT which returned nothing.
Also F.Y.I., when I logged onto Windows XP I received an error (all of which has happened occasionally on previous occasions):
1) Common Client User Session has encountered a problem and needs to close.
2) When I tried to check my e-mail (Outlook Express) I get message "Your POP3 server has not respondes in 60 seconds. Would you like to wait another 60 seconds for the server to respond?" This continues until I reboot.
3) Then I get message "Your system is low on Virtual Memory. Windows is increasing the size of your Virtual Memory paging file. During this process memory requests for some applications may be denied.
Any help with this as well as any other item seen in the log that shouldn't be there would be greatly appreciated.
Spy Sweeper and Norton Antivirus 2004 both with latest update run nightly.
Ad-Aware SE and SpyBot get run at least once a week.
I have attached my HiJack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:53:06 AM, on 8/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC TechZone\AuctionMagic7\Snipe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Downloaded Programs\HiJack-This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presar io&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pres ario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pres ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cnn.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0. dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0. dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MerlinSnipe] C:\Program Files\PC TechZone\AuctionMagic7\Snipe.exe quiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
Thank you in advance for any help you can provide.
Peter
-
Hello,BigPete & Welcome
Please run this online scanner give us feedback on what
if anything it could not remove.
http://www.ewido.net/en/onlinescan/
so after what i need from you is a report of the scan
& a new HijackThis logfile.
HGD 
-
Hi HGD,
Thank you for your quick response.
I clicked the link you sent, it went to the web site, I clicked Scan, clicked to allow download system IE crashed. Tried a few time and same thing happened.
I rebooted, tried again and it crashed again.
F.Y.I. I don't know if this is a problem or not, but it seems strange to me. When I first logon to my user name, it loads up fine. If I log off (switch user), when I come back later and log on again, it appears to go to my desktop, then it go to screensaver or background. I then have to logon for a second time. None of the other users have this problem.
Thanks again
Peter
-
Hi, I ran another HiJack This Log FYI.
Logfile of HijackThis v1.99.1
Scan saved at 11:00:38 PM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC TechZone\AuctionMagic7\Snipe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Downloaded Programs\HiJack-This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cnn.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0. dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0. dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MerlinSnipe] C:\Program Files\PC TechZone\AuctionMagic7\Snipe.exe quiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
Peter
-
Hi,Peter
Try this for me please
Download the L2MFix from
http://www.downloads.subratam.org/l2mfix.exe
or
http://www.atribune.org/downloads/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe.
Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.
Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.
Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to.
HGD 
-
Hi HGD,
As per your request, I have attached the L2MFIX Find Log below.
F.Y.I.: I have also noticed SpyBot has been picking up "Security Risks"
When I expand it, it shows two registry changes:
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify!=dword:0
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
I run Fix Problems and it reports it has fixed the problem.
Next scan, it is back.
L2MFIX find log 1.03
These are the registry keys present
************************************************** ********************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33, 00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e, 00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69, 00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74, 00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69, 00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEven t"
"Logoff"="UnregisterTicketExpiredNotificationEvent "
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
************************************************** ********************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
************************************************** ********************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b4 (beta test) Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b4 (beta test) DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b4 (beta test) Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b4 (beta test) Property Sheet Shell Extension"
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"
************************************************** ********************************
HKEY ROOT CLASSIDS:
************************************************** ********************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
hhsetup.dll Thu May 26 2005 10:04:28p A.... 41,472 40.50 K
icm32.dll Tue Jun 28 2005 9:46:00p A.... 254,976 249.00 K
itircl.dll Thu May 26 2005 10:04:28p A.... 155,136 151.50 K
itss.dll Thu May 26 2005 10:04:28p A.... 137,216 134.00 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
mscms.dll Tue Jun 28 2005 9:46:00p A.... 74,240 72.50 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K
xpsp3res.dll Mon May 16 2005 8:25:36p ..... 15,360 15.00 K
15 items found: 15 files, 0 directories.
Total of file sizes: 3,315,872 bytes 3.16 M
Locate .tmp files:
No matches found.
************************************************** ********************************
Directory Listing of system files:
Volume in drive C is PRESARIO
Volume Serial Number is ECE4-E428
Directory of C:\WINDOWS\System32
07/29/2005 07:52 AM <DIR> iosdt
07/29/2005 03:02 AM <DIR> dllcache
10/22/2004 12:11 AM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 179,139,563,520 bytes free
Thank you again for your help.
Peter
-
Hi,Peter
Sorry for the hold up on this see if this helps
# Open Control Panel > Folder Options
# Click the View tab.
# Under Hidden Files & Folders click "Show Hidden Files and Folders"
# Next uncheck "Hide protected operating system files"
# Reboot in Safe Mode (in XP press F8 before windows begins loading)
# Open C:\WINDOWS\system32
# Delete the Folders & files with iosdt in the name (there should be 1 folder, iosdt, containing all the corrupt files) you may want to do a search for iosdt to make sure everything is removed.
# Empty the Recycle Bin.
# Reboot in Normal Mode.
I also want you to do this here
Download FindIt's.zip to your desktop.
Unzip/extract the files inside preferable to C:\ < a new folder.
Disconnect from the internet, if you use an always on internet connection unplug it.
Let your PC be idle for 15 minutes !!
Open the folder and run the FindIt's.bat and wait for a text to open, it will take awhile be patient, post the results please.
http://forums.net-integration.net/in...post&id=142443
If you get an error similar to:
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application...etc etc'
Go here and use the approprient fix for your system
http://www.tech-forums.net/computer/topic/29806.html
HGD
-
Hi HGD,
I did as you requested, however every time I would high light the IOSDT folder, I received an error message and it would close out the program. Also when I paused over the folder icon, it said the folder was empty. This was in both Regular and Safe Mode.
I don't know if it will help, but I ran the Find_it bat and the following is the log.
Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 08/08/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first
»»»»» lagitamate file's can/will show in this section.
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»
* SAHAgent C:\WINDOWS\System32\INE6I5J6.INI
* SAHAgent C:\WINDOWS\System32\L8CM3EB9.INI
* SAHAgent C:\WINDOWS\System32\UL64DPC1.INI
»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.
Volume in drive C is PRESARIO
Volume Serial Number is ECE4-E428
Directory of C:\WINDOWS\SYSTEM32
»»»»» Checking for SAHAgent ico files.
Volume in drive C is PRESARIO
Volume Serial Number is ECE4-E428
Directory of C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»».
Thank you again for your help.
Peter
-
Hi HGD,
I tried to run the ewido and this time I was successful. It came up with a varity of garbage (See attached log)
I have to break this up into a couple messages as the findings are quite large.
This is 1 of 3
________________________________________________
ewido security suite online scanner
http://www.ewido.net
Name: Spyware.YourSiteBar
Path: HKU\S-1-5-21-3125692398-2900186759-2059119435-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
Risk: High
Name: Spyware.BetterInternet
Path: HKU\S-1-5-21-3125692398-2900186759-2059119435-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740}
Risk: High
Name: Spyware.ISTBar
Path: HKU\S-1-5-21-3125692398-2900186759-2059119435-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}
Risk: High
Name: Spyware.YourSiteBar
Path: HKU\S-1-5-21-3125692398-2900186759-2059119435-1009\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
Risk: High
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wfk4kjdpwho.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wfkochd5sco.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wfkoulazako.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wfkyqlajmlp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wflicjdzgao.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wfloakczskp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wfmywgdzshp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wgkiupdjcho.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjkyehazwco.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjkyghazgco.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjkysjcjcgo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjl4ond5gkq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjl4ujczsfo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjlicpczafo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjlisjazelp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjloojazghq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjloqhajkeo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjlyujczmkq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjmiwidzkep.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjmykndjekp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjmysmcpsgp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@e-2dj6wjnyqodpcdp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Masterstats
Path: C:\Documents and Settings\Alyssa\Cookies\alyssa@image.masterstats[1].txt
Risk: Medium
Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\Jon\Cookies\jon@2o7[2].txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: C:\Documents and Settings\Jon\Cookies\jon@casalemedia[1].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\Jon\Cookies\jon@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wfkisnczcfp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wfkougazkdq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wfkyamcpseo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wfkyekczcdo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wfl4gkc5iko.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wfmicodzshp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wfmikpdjogo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjk4ojdzcco.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjk4wkdjshp.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjkochdjiep.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjkoelczshp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjkooicziao.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjkycodzckq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjkyeldjgdp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjkykhdzakp.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjl4gmd5eap.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjl4gmdzeco.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjl4slcpmdp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjl4woazoko.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjliclcpgcp.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjliwlc5wbq.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjloggc5kgp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjloupd5oap.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjlyenczckp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjlysgd5glo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjmikkdzsgo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjny-1sd5ig.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjnyggdpilp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjnyogcjkho.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjnyuicjafo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Jon\Cookies\jon@e-2dj6wjnywicjklp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Fastclick
Path: C:\Documents and Settings\Jon\Cookies\jon@fastclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Webtrendslive
Path: C:\Documents and Settings\Jon\Cookies\jon@statse.webtrendslive[1].txt
Risk: Medium
Name: Spyware.Cookie.Tribalfusion
Path: C:\Documents and Settings\Jon\Cookies\jon@tribalfusion[1].txt
Risk: Medium
Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\Matt\Cookies\matt@2o7[2].txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: C:\Documents and Settings\Matt\Cookies\matt@ad.yieldmanager[1].txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: C:\Documents and Settings\Matt\Cookies\matt@advertising[2].txt
Risk: Medium
Name: Spyware.Cookie.X10
Path: C:\Documents and Settings\Matt\Cookies\matt@affiliates.x10[2].txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: C:\Documents and Settings\Matt\Cookies\matt@casalemedia[1].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfk4cpdjifo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfk4qlajoeo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfk4uhcpceo.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfk4wkcpibp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkiemdpikp.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkigodjgkp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkikjajslq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkiogdzmbq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkiumdjsaq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkochaziep.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkogldzchp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkokjc5clp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkoqmdzclo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkoskdpgep.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkowhcpigp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkygiczagp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkykjazobo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfkyunazmep.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfl4qidpclq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wflield5cfo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wflispazeao.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfmyald5mcp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wfmyclazcco.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4apc5seo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4ehdjekq.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4kjazscq.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4ohajmdp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4onczwfp.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4qhajkeo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4qocpobo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4socjigo.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4sodzgfp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4uoazwhp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjk4wgazibo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkoamazaep.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkocnazoap.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkokkd5wdq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkokodpalq.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkoogdjmgp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkoohdjidp.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkoqjcpmgp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkoqkc5iko.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkoujc5whp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkoupdjgcp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkowocjchp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkygjajakp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkykgd5mbo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkykhdzclo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkykkajwko.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkyogdjegq.stats.esomniture[1].txt
Risk: Medium
-
2 0f 3
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkyqgcjwao.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkyqpcpkdp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjkyskajaco.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjl4ohajaeq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjl4qmdzwcp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjl4smcpoeq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjl4snajokp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlielcjogq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlikkd5cgo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjliomcjccq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjliqnczebp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjliuncpkdp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlocndjwdp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjloggc5kgp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlokidjmgo.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjloklazedp.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjloomcjobo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlosjdzigq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlycmcjsgo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlygocjkeo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlyogdzkbq.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlyokc5slo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlyonajako.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlyqkcpcdq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlysncpelo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjlywjcziaq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjmigicpieq.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjmiomc5kdp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjmiqpcjwao.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjmycidzmep.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjmygkajiao.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjmyumc5glq.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjmyuodzwfq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjmywldzwep.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnyajajogp.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnyancjegq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnyemajmep.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnyemcjgap.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnygicpslo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnygmcpilp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnyoiazsap.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnyolajakq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnyqlcpweo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnyuicjafo.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Matt\Cookies\matt@e-2dj6wjnywocpodo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Hypertracker
Path: C:\Documents and Settings\Matt\Cookies\matt@hypertracker[1].txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: C:\Documents and Settings\Matt\Cookies\matt@servedby.advertising[2].txt
Risk: Medium
Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\Patti\Cookies\patti@2o7[1].txt
Risk: Medium
Name: Spyware.Cookie.Falkag
Path: C:\Documents and Settings\Patti\Cookies\patti@as-us.falkag[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfk4ahczahq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfk4elazalo.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfk4kjdzwfo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfk4olc5eep.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfkiahcpolp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfkieiczkdq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfkoujdjwbq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfkyekd5wfo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfkyondjckq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfl4qicjiaq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wflicjc5ggq.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfloqmdzofp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wflosgd5eao.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfloupczsao.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfmiemdjkeq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfmisjdpcap.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wfmyclazcco.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wgkiokcpckp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wgkiupdjcho.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjk4aid5khp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjk4akdpedo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjk4kjazscq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjk4kjcpegp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjk4kmazwlp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjk4ohajmdp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjk4qndjebp.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjkochdjiep.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjkockcpefq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjkoepd5oko.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjkogpczofo.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjkowocjchp.stats.esomniture[1].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjkycgajwgq.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjkyemdjkep.stats.esomniture[2].txt
Risk: Medium
Name: Spyware.Cookie.Esomniture
Path: C:\Documents and Settings\Patti\Cookies\patti@e-2dj6wjkygnd5egp.stats.esomniture[2].txt
Risk: Medium
Newbie
