
Sysprotectscanner Pop-up Issues


34 replies to this topic

#31 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 22 June 2006 - 04:45 PM

Clean - I won't take the time to look, but if we DL SpySweeper you can remove that, as it is a 2 wk trial. Ewido will still work after its trial; you just have to manually update it.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP


 


#32 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts

Posted 22 June 2006 - 05:26 PM

Thanks again for everything MFDnSC!

You are doing a great job and I really enjoyed working with you!

Cheers

#33 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts

Posted 23 June 2006 - 10:16 PM

Well I thought we had this problem solved but when I was working online today the pesky sysprotectscanner ads started popping up again.

Is it possible that something is restarting it in the morning when I boot up?

Here's what I've done today to try to eliminate the problem:
1) Ran Spysweeper
2) Ran Ewido
3) Ran Spybot
4) Ran VundoFix
5) Switched from IE to Mozilla Firefox
6) Re-started the system in the "safe" mode and ran the smitfraudfix.cmd program

Here are my latest logs for review when you have a chance and please let me know what we can do to attack this repeating pop-up issue.

Thanks in advance for all your assistance!

Logfile of HijackThis v1.99.1
Scan saved at 7:25:43 PM, on 6/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Bob\My Documents\Security\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Super Pop Up Ad Killer] C:\Program Files\NET2SOFT\Spk\Super Pop Up Ad Killer.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Downloads - {165D4F02-312C-4303-ABCA-AD6B35A2BE4D} - http://www.downloadalot.com (file missing) (HKCU)
O9 - Extra button: Searchalot - {BF6D715B-3F1D-449B-9842-8F1C14798B5C} - http://www.searchalot.com (file missing) (HKCU)
O14 - IERESET.INF: SearchAssistant=
O15 - Trusted Zone: *.rmlsweb.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {10DE6CF7-3E36-445B-985D-07603082B36B} (FormLoader.Loader) - http://forms.orefonline.com/OLF/Runtime/FormLoader_RMLS.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.rmlsweb.com/XMLSearch/XMLCache.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\SunBeltKeriofirewall3152006\Personal Firewall 4\kpf4ss.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


----------------------------------------------------------------------------------------------------

SmitFraudFix v2.63

Scan done at 14:13:11.09, Fri 06/23/2006
Run from C:\Documents and Settings\Bob\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bob\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Bob\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


SmitFraudFix v2.63

Scan done at 14:16:02.54, Fri 06/23/2006
Run from C:\Documents and Settings\Bob\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


----------------------------------------------------------------------------------------------------------------

Spysweeper
********
11:18 AM: | Start of Session, Friday, June 23, 2006 |
11:18 AM: Spy Sweeper started
11:18 AM: Sweep initiated using definitions version 706
11:18 AM: Starting Memory Sweep
11:24 AM: Memory Sweep Complete, Elapsed Time: 00:05:55
11:24 AM: Starting Registry Sweep
11:24 AM: Registry Sweep Complete, Elapsed Time:00:00:28
11:24 AM: Starting Cookie Sweep
11:24 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:24 AM: Starting File Sweep
11:24 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\uninstalling norton tips.doc". Access is denied
11:24 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\vundofix.exe:zone.identifier". Access is denied
11:25 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\how to install nod32.doc". Access is denied
11:25 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\cookbook1.xls". Access is denied
11:25 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\norton 2004 id info.doc". Access is denied
11:25 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\smitfiles.jpg". Access is denied
11:26 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\vundofix.exe". Access is denied
11:34 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\add remove error message.doc". Access is denied
11:34 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\kerio firewall\kerio download 3.15.06.exe:zone.identifier". Access is denied
11:35 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\norton 2004 id info2.doc". Access is denied
11:37 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\norton 2004 id info3.doc". Access is denied
11:40 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\sysprotectscannerinstall 6 16 06.doc". Access is denied
11:42 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\spyware\spybotsd14.exe:zone.identifier". Access is denied
11:45 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\screenshot instructions.doc". Access is denied
11:48 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\smiterrorscreen.jpg". Access is denied
11:50 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\your system is infected with the vundo trojan.doc". Access is denied
11:50 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\smitdesktop.jpg". Access is denied
11:52 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\kerio firewall\rmls kerio page.doc". Access is denied
11:53 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\mozilla firefox\mozilla firefox install tips.txt". Access is denied
11:53 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\sysprotect message 6 17 06.doc". Access is denied
11:53 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\error messages\spybotlog.jpg". Access is denied
11:59 AM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\kerio firewall\kerio download 3.15.06.exe". Access is denied
12:03 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\nod32 install manual_v2_ig.pdf". Access is denied
12:03 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\mozilla firefox\firefox setup 1.5.0.4.exe". Access is denied
12:03 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\spyware\spybotsd14.exe". Access is denied
12:08 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\computer ads\mozilla firefox\firefox setup 1.5.0.4.exe:zone.identifier". Access is denied
12:09 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\temp\nod32\nod32 install manual_v2_ig.pdf". Access is denied
12:09 PM: Warning: Failed to open file "c:\documents and settings\bob\my documents\security\nod32\nod32 install manual_v2_ig.pdf". Access is denied
12:12 PM: File Sweep Complete, Elapsed Time: 00:48:09
12:12 PM: Full Sweep has completed. Elapsed time 00:54:39
12:12 PM: Traces Found: 0
12:13 PM: Full Sweep has completed. Elapsed time 00:54:39
12:13 PM: Traces Found: 0
12:13 PM: Full Sweep has completed. Elapsed time 00:54:39
12:13 PM: Traces Found: 0
12:13 PM: Full Sweep has completed. Elapsed time 00:54:39
12:13 PM: Traces Found: 0
12:13 PM: Full Sweep has completed. Elapsed time 00:54:39
12:13 PM: Traces Found: 0
********
--------------------------------------------------------------------------------------------------------

RootkitRevealer

HKLM\S-1-5-21-3266277740-2725192599-853142344-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D17AC84E-324E-A1BA-5719-35A482164F78}* 5/28/2006 6:59 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 4/13/2006 2:19 PM 0 bytes Access is denied.
C:\Documents and Settings\Bob\My Documents\Computer Ads\Error messages\VundoFix.exe:Zone.Identifier 6/21/2006 10:45 AM 26 bytes Hidden from Windows API.
C:\Documents and Settings\Bob\My Documents\Computer Ads\Kerio Firewall\kerio download 3.15.06.exe:Zone.Identifier 5/28/2006 1:28 PM 26 bytes Hidden from Windows API.
C:\Documents and Settings\Bob\My Documents\Computer Ads\Mozilla Firefox\Firefox Setup 1.5.0.4.exe:Zone.Identifier 6/22/2006 4:15 PM 26 bytes Hidden from Windows API.
C:\Documents and Settings\Bob\My Documents\Computer Ads\Spyware\spybotsd14.exe:Zone.Identifier 6/19/2006 3:13 PM 26 bytes Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010001.ci 6/23/2006 2:57 PM 12.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010001.dir 6/23/2006 2:57 PM 356 bytes Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010003.ci 6/23/2006 3:03 PM 4.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010003.dir 6/23/2006 3:03 PM 316 bytes Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010005.ci 6/23/2006 3:09 PM 4.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010005.dir 6/23/2006 3:09 PM 316 bytes Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffc.000 6/23/2006 3:09 PM 240 bytes Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffc.001 6/23/2006 3:09 PM 704.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffc.002 6/23/2006 3:09 PM 704.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffd.000 6/23/2006 3:03 PM 240 bytes Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\CiFLfffd.001 6/23/2006 3:03 PM 704.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\CiFLfffd.002 6/23/2006 3:03 PM 704.00 KB Visible in Windows API, but not in MFT or directory index.

--------------------------------------------------------------------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:17:59 PM, 6/23/2006
+ Report-Checksum: 60AE7061

+ Scan result:

:mozilla.9:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\laiwx5af.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup


::Report End

----------------------------------------------------------------------------------------------------------------

VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.7

Scan started at 2:07:05 PM 6/23/2006

Listing files found while scanning....


C:\WINDOWS\SYSTEM32\qttss.ini2
C:\WINDOWS\SYSTEM32\qttss.bak2
C:\WINDOWS\SYSTEM32\qttss.tmp
C:\WINDOWS\SYSTEM32\qttss.ini2
C:\WINDOWS\SYSTEM32\ssttq.dll
Attempting to delete C:\WINDOWS\SYSTEM32\qttss.ini2
C:\WINDOWS\SYSTEM32\qttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qttss.bak2
C:\WINDOWS\SYSTEM32\qttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qttss.tmp
C:\WINDOWS\SYSTEM32\qttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssttq.dll
C:\WINDOWS\SYSTEM32\ssttq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.7

Scan started at 2:50:05 PM 6/23/2006

Listing files found while scanning....


No infected files were found.

#34 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 24 June 2006 - 08:51 AM

You had Vundo again

Get all of these and/or verify you have the current versions

SpywareBlaster 3.5.1 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS Windows Defender - http://www.microsoft.com/downloads/details...;displaylang=en (XP and W2K only)

Download them (they are free), install them, check each for their definition updates, and then run AdAware, MS Defender (W2k/XP) and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Check for updates and run weekly
======================

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#35 pdx5

pdx5
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 24 June 2006 - 12:37 PM

Thanks again MFDnSC and have a great weekend!



