Spyquake2..grrr!


25 replies to this topic

#1 abearden

abearden

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 02 October 2006 - 07:59 PM

A new laptop and a new virus. Thanks for the help...here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:55:12 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew Bearden\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe


#2 abearden

abearden
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 03 October 2006 - 05:41 PM

here's my hijack this report...thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:39:09 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\components\flx2.dll
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs:
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

#3 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:05:23 AM

Posted 04 October 2006 - 03:18 PM

Hi abearden,

You have a classic Smitfraud infection.

It would appear you've disabled some startup entries using msconfig going by the two HJT logs posted.....

If this is the case, can I ask you to re-enable them all please and post a fresh HijackThis log for me.

Also download SmitfraudFix by S!Ri from either of these mirrors to your desktop:

SmitfraudFix Mirror 1
SmitfraudFix Mirror 2

Right click SmitfraudFix.zip and Extract (unzip) the SmitfraudFix folder inside to your desktop.

Open the SmitfraudFix folder and double-click "smitfraudfix.cmd"

Select option #1 - "Search" by typing 1 and pressing "Enter".

Copy & paste the contents of the text file which appears back here please.

SOME ANTI-VIRUS PROGRAMS DETECT PROCESS.EXE (A COMPONENT OF THE REMOVAL TOOL USED IN THIS FIX) AS A "RISKTOOL". IT IS NOT HARMFUL AND ANY ALERTS FROM YOUR ANTI-VIRUS PROGRAM OF THIS NATURE SHOULD BE IGNORED.
Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)
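The comparison of the two HijackThis logs described in the post above can be done mechanically. The following is an added example, not part of the original thread or of HijackThis itself: it parses item lines of the form `CODE - body` and diffs the O4 (autostart) entries between two logs. The function names are hypothetical, and the sample logs are short excerpts constructed from lines of the first two logs in this thread.

```python
import re
from typing import NamedTuple


class Item(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4" or "R0"
    body: str  # everything after "CODE - "


# Item lines start with a section code (R, F, N or O plus a number) and " - ".
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 registry form:  HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# O4 startup-folder form:  Global Startup: name.lnk = target
LNK_RE = re.compile(r"^(?P<loc>[^:]+): (?P<name>.+?) = (?P<cmd>.*)$")


def parse_log(text):
    """Return the item lines of a log; header and process lines are skipped."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append(Item(m.group(1), m.group(2).strip()))
    return items


def autostarts(items):
    """Map (location, name) -> command for every O4 item, case-insensitively."""
    found = {}
    for item in items:
        if item.code != "O4":
            continue
        m = RUN_RE.match(item.body) or LNK_RE.match(item.body)
        if m:
            found[(m["loc"].lower(), m["name"].lower())] = m["cmd"]
    return found


def diff_autostarts(old_text, new_text):
    """Return (removed, added) autostart names between two logs."""
    old = autostarts(parse_log(old_text))
    new = autostarts(parse_log(new_text))
    removed = sorted(name for (_, name) in old.keys() - new.keys())
    added = sorted(name for (_, name) in new.keys() - old.keys())
    return removed, added


# Constructed excerpt of the log in post #1 (all lines copied from that log).
LOG_1 = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
"""

# Constructed excerpt of the log in post #2 (all lines copied from that log).
LOG_2 = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O20 - AppInit_DLLs:
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
"""

if __name__ == "__main__":
    removed, added = diff_autostarts(LOG_1, LOG_2)
    print("autostarts missing from the newer log:", removed)
    print("autostarts new in the newer log:", added)
```

Entries that disappear between logs without a removal step having been run are consistent with startup items having been disabled, which is why the full set needs to be re-enabled before the log is read.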

#4 abearden

abearden
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 04 October 2006 - 08:56 PM

okay, I enabled all startup programs...here's the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:49:39 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs:
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

And here's the smitfraud:

SmitFraudFix v2.104

Scan done at 18:53:13.57, Wed 10/04/2006
Run from C:\Documents and Settings\Andrew Bearden\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Andrew Bearden


C:\Documents and Settings\Andrew Bearden\Application Data


Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\DOCUME~1\ANDREW~1\FAVORI~1

C:\DOCUME~1\ANDREW~1\FAVORI~1\Antivirus Test Online.url FOUND !

Desktop


C:\Program Files

C:\Program Files\Safety Bar\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


pe386-msguard-lzx32


Scanning wininet.dll infection


End

#5 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:05:23 AM

Posted 05 October 2006 - 07:57 AM

You may wish to save these instructions to notepad or print them out for use while in Safe Mode.


Step 1

Re-configure Windows Explorer to show hidden files & folders:
How to Show Hidden Files & Folders

Ensure you're familiar with rebooting into Safe Mode:
How to Boot into Safe mode


Download and install the trial version of AVG Anti-Spyware.

The program should launch automatically after installation. If not, double-click the desktop icon.

Deactivate the Resident Shield

- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.
- Then go to Start > Run and type services.msc
- In the Services window, scroll down to AVG Anti-Spyware Guard and double click it to bring up another window.
- Hit the [Stop] button and change the "startup type" to disabled using the drop down menu.
- Exit the services page.

Update AVG's Definitions

- AVG automatically updates the spyware definitions if you are connected to the net during installation.
- As a precaution, click the "Update" icon from the main menu.
- Then click the "Start Update" button.
- When you receive the "Update successful" prompt, close AVG.
- Note: If you have any problems with the updater, you can Update AVG Manually.




Step 2

Next, please reboot your computer in Safe Mode - Very Important !!

Scan with HijackThis again and checkmark the boxes before the following entries (if still present):-

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll

O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h


Close ALL OTHER WINDOWS and click "Fix Checked"


Step 3

Clean your Cache and Cookies in IE:
Go to Control Panel > Internet Options > General tab.
Click the "Delete Cookies" button and then the "Delete Files" button next to it.
When prompted, place a check in: "Delete all offline content", click OK.

Clean your Cache and Cookies in Firefox (if you also have Firefox installed):
Go to Tools > Options. Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking "Clear All".
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.


Step 4

Now open the SmitfraudFix folder on your desktop and double-click smitfraudfix.cmd

Select option #2 - "Clean" by typing 2 and pressing "Enter" to delete the infected files.

You will then receive the following prompt:

"Registry cleaning - Do you want to clean the registry ? (y/n)"

Type Y for yes and press "Enter" to remove the Desktop background and clean the associated registry keys for this infection.

The tool will then check if the file wininet.dll is infected.

You may be prompted to replace the infected file with another copy from your machine (if found):

"Replace infected file ? (y/n)"

Type Y for yes and press "Enter" to restore a clean copy of the file on your machine.

Restart your computer to complete the removal process.

(A log file of the fix can be found at the root of your system drive, usually at C:\rapport.txt)


Step 5

Reboot back into Safe Mode again and open AVG Anti-Spyware.

- Click the "Scanner" icon from the main menu.

- Click "Complete System Scan" to start scanning.

- When finished, click "Recommended action" beneath the results window and select Quarantine.

- Then click the "Apply all actions" button to quarantine everything detected.

- Then click Save report > Save report as and save the Report-Scan.txt to your desktop.


Step 6

Next go to Start > Control Panel and click Display | Desktop | Customise Desktop | Web | Webpages and uncheck any pages listed.

Reboot back to normal Windows mode and run an online scan at Panda ActiveScan

Once on the Panda site click the Scan your PC button and then the Check Now button on the next screen.

Enter your details in the required fields.

Then click the big Scan Now button.

Allow the Active X component to install and download the necessary files.

When the download is complete, click on Local Disks to start the scan.

Upon scan completion, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


Step 7

Post the following in your next reply please:
  • Fresh HijackThis log (generated after the Panda scan)
  • C:\rapport.txt
  • AVG Report-Scan.txt
  • Panda scan results.

Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)
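The "if still present" check from Step 2, run against saved HijackThis logs, as an added example that is not part of the post above or of HijackThis itself. The regexes follow the entry layout visible in this thread's logs; the function names and the BEFORE/AFTER samples (assembled from lines quoted in the thread) are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Optional

# Finding lines look like "O4 - HKLM\..\Run: [name] command" (layout as seen in this thread).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\\w+: \[([^\]]+)\]")

# The two entries Step 2 asks to fix: (section code, Entry field, expected value).
TARGETS = [
    ("O3", "clsid", "{052b12f7-86fa-4921-8482-26c42316b522}"),
    ("O4", "run_name", "SpyQuake2.com"),
]


class Entry(NamedTuple):
    code: str                 # section code, e.g. "O3", "O4", "O23"
    body: str                 # everything after "code - "
    clsid: Optional[str]      # lower-cased CLSID if the entry carries one
    run_name: Optional[str]   # registry Run value name for O4 entries


def parse_entries(log_text: str) -> List[Entry]:
    """Return the finding lines of a HijackThis log, skipping header and process list."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        run = RUN_RE.match(body) if code == "O4" else None
        entries.append(Entry(code, body,
                             clsid.group(0).lower() if clsid else None,
                             run.group(1) if run else None))
    return entries


def remaining_targets(log_text: str, targets=TARGETS) -> List[Entry]:
    """Entries from the fix list that a log still contains (case-insensitive match)."""
    hits = []
    for entry in parse_entries(log_text):
        for code, field, value in targets:
            actual = getattr(entry, field)
            if entry.code == code and actual and actual.lower() == value.lower():
                hits.append(entry)
    return hits


def new_entries(before_text: str, after_text: str) -> List[Entry]:
    """Entries present in the later log but not the earlier one; each needs a reason."""
    seen = {(e.code, e.body.lower()) for e in parse_entries(before_text)}
    return [e for e in parse_entries(after_text) if (e.code, e.body.lower()) not in seen]


# Constructed sample: the two entries quoted in Step 2 plus benign lines from this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: a short excerpt of the same sections from a log taken after the fix.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        hits = remaining_targets(text)
        print(f"{label}: {len(hits)} targeted entries present")
        for e in hits:
            print(f"  {e.code} - {e.body}")
    for e in new_entries(BEFORE, AFTER):
        print(f"new since previous log: {e.code} - {e.body}")
```

An empty result from `remaining_targets` only confirms the two listed entries are gone; anything `new_entries` reports still has to be explained, as the AVG Anti-Spyware autostart is here by the install in Step 1.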

#6 abearden


Posted 06 October 2006 - 12:29 AM

It appears I have the Downloader virus as well. Just great. Here are the logs. Thanks again!


Logfile of HijackThis v1.99.1
Scan saved at 10:26:20 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVW32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs:
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe


SmitFraudFix v2.104

Scan done at 16:27:40.00, Thu 10/05/2006
Run from C:\Documents and Settings\Andrew Bearden\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:39:24 PM 10/5/2006

+ Scan result:



HKU\S-1-5-21-3910648101-857196145-2319601737-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Erin Bearden\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Erin Bearden\Start Menu\Programs\SpyQuake2.com -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Erin Bearden\Start Menu\Programs\SpyQuake2.com\SpyQuake2.com 2.3 Website.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Erin Bearden\Start Menu\Programs\SpyQuake2.com\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Erin Bearden\Start Menu\Programs\SpyQuake2.com\Uninstall SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Erin Bearden\Start Menu\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP25\A0005938.dll -> Adware.Virtumionde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005830.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005855.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005856.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005857.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005858.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005859.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005860.EXE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005861.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005862.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005863.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005864.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005865.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005866.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005867.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005868.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005869.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005870.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005871.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005872.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005873.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005913.exe -> Downloader.Zlob.ans : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qjlrbklj.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vibgmiov.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24\A0005821.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP25\A0005951.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP25\A0006147.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
:mozilla.581:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.161:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.320:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.547:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.593:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.607:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.414:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.415:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.362:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.125:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.126:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.128:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.129:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.130:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.131:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.524:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.525:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.134:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.135:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.136:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.159:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.160:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.532:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.243:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.72:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.73:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.75:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.538:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.132:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.133:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.148:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.149:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.181:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.182:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.189:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.191:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.194:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.179:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.431:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.539:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.282:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.86:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.492:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.617:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.528:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.107:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.108:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.109:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.112:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.444:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.338:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.339:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.340:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.341:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.342:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.343:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.373:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.455:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.485:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.103:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.104:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.237:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.622:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.388:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.389:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.390:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.391:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.283:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.284:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.285:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.298:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.299:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.300:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.301:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.302:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.294:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.295:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.296:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.297:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.515:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.516:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.517:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.518:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.519:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.140:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.141:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.142:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.548:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.549:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.550:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.19:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.20:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.21:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.22:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.23:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.24:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.25:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.26:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.27:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.28:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.29:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.30:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.31:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.32:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.33:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.34:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.35:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.36:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.40:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.52:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.152:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.153:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.154:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.155:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.590:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.260:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.261:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.262:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.263:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.264:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.265:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.266:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.267:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.113:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.114:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.115:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.116:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.118:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.150:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.151:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.380:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.381:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.247:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.254:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.255:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.256:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.257:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.258:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.100:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.101:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.102:C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


Incident Status Location

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Andrew Bearden\Application Data\Mozilla\Firefox\Profiles\ift07fzc.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Andrew Bearden\Cookies\andrew bearden@stats1.reliablestats[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Andrew Bearden\Desktop\SmitfraudFix\Process.exe
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt[.go.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Erin Bearden\Application Data\Mozilla\Firefox\Profiles\5wclw8el.default\cookies.txt[.belnk.com/]
Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\system32\winwly32.dll

#7 John_McKenna

Posted 06 October 2006 - 03:02 PM

I take it you ran SmitfraudFix twice? Everything found in the first log was missing from the second one you posted....

Ewido took care of most of the leftovers except a few cookies in your Firefox cache which you can clear manually and the following file which Panda flagged:

C:\WINDOWS\system32\winwly32.dll

Delete this and you should be good to go.

How's the machine running now?

#8 abearden

Posted 06 October 2006 - 06:45 PM

Well, I am still getting popups from spywaredoctor.com and popups on my startup toolbar trying to trick me into clicking...my system will not allow me to delete the above mentioned file, and I'm even getting popups on Firefox. It looks like we got rid of the one virus but another one is lurking...let me know what to do next.

Also, my computer is doing the same thing my OTHER computer did when it got the same virus...it won't let me open any program by clicking or exploring files. I have to CtrlAltDel and go to File>Run to open anything. This goes for Safe Mode, too.

Oh, and here's a new Hijackthis log...I deleted the cache again.

Logfile of HijackThis v1.99.1
Scan saved at 4:41:39 PM, on 10/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVW32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVW32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs:
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

#9 John_McKenna

Posted 07 October 2006 - 02:56 AM

I don't think SmitfraudFix worked correctly as some of the files it targets are still present. We'll come back to that soon if necessary.

Copy the entire contents of the Quote Box below to Notepad. Name the file Readit.bat. Change the "Save as Type" to All Files and save it on the desktop. Once saved, double-click on the Readit.bat file. A new text document (look.txt) will appear on your desktop. Open this document with Notepad and post its contents in your next reply please.

C:\Windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s >> look.txt
start notepad look.txt


========

Download Killbox to your desktop.

Double-click killbox.exe

Click Tools > Delete Temp Files.

Click the drop down menu in the middle and select C:\Documents and Settings\%username% from the list.

Now check/tick the boxes beside the following options above the drop down menu:

[x] Temporary Internet Files
[x] Temp Files
[x] Cookies
[x] XP Prefetch
[x] Recent
[x] History

Then click the Delete Selected Temp Files button.

Back on the main Killbox menu now, select the option "Delete on reboot" and then click the All Files button.

Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:

C:\WINDOWS\system32\winwly32.dll
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe


Click 'File' on the killbox menu at the top and choose 'Paste from clipboard'.

Then press the red button with a white X in it.

Killbox will tell you that all listed files will be deleted on next reboot and ask if you wish to reboot now, click Yes.

If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

========

Then download Dr.Web CureIt to your desktop:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow > to the right and the scan will begin.
  • At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, click the "Select all/select none" toggle button (if available) next to the files found.
  • Then click the green cup icon right below and select Move incurable.
    This will move any infected files to the %userprofile%\DoctorWeb\quarantaine-folder that can't be cured (in case we need samples).
  • Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit and Restart your computer to completely remove any stubborn files in reboot.
  • After the restart, post the contents of the Dr.Web.csv log file which you saved.

Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)
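
An added example, not part of the original post: the Killbox message quoted above names PendingFileRenameOperations, the REG_MULTI_SZ value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager in which Windows keeps file operations deferred to the next boot. The code below checks whether the three files from the post are still queued for deletion; the sample value and the function names are constructed for illustration.

```python
# Paths the post asks Killbox to delete on reboot.
TARGETS = [
    r"C:\WINDOWS\system32\winwly32.dll",
    r"C:\WINDOWS\system32\ishost.exe",
    r"C:\WINDOWS\system32\ismini.exe",
]

# Constructed sample of the value's strings (not taken from the thread).
# The value is a flat list of pairs: source path, then target path.
# An empty target means "delete the source at boot"; a target that
# starts with '!' means "rename, replacing an existing file".
# On Windows the strings can be read with winreg.QueryValueEx.
SAMPLE_VALUE = [
    r"\??\C:\WINDOWS\system32\winwly32.dll", "",
    r"\??\C:\WINDOWS\system32\ishost.exe", "",
    r"\??\C:\WINDOWS\Temp\setup.tmp", r"!\??\C:\Program Files\Example\setup.dll",
]


def normalize(entry):
    """Strip the '!' flag and the NT path prefix, then fold case."""
    path = entry.lstrip("!")
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_pending(strings):
    """Return (source, target) pairs; target is None for a delete."""
    items = list(strings)
    if len(items) % 2:
        # Assumption: the reader dropped a trailing empty target,
        # so the last source is a delete.
        items.append("")
    ops = []
    for source, target in zip(items[0::2], items[1::2]):
        if not source:
            continue
        ops.append((normalize(source), normalize(target) if target else None))
    return ops


def queue_status(strings, targets=TARGETS):
    """Map each target path to queued_delete, queued_rename or not_queued."""
    queued = {}
    for source, target in parse_pending(strings):
        queued[source] = "queued_delete" if target is None else "queued_rename"
    return {path: queued.get(path.lower(), "not_queued") for path in targets}


if __name__ == "__main__":
    for path, state in queue_status(SAMPLE_VALUE).items():
        print(f"{state:14} {path}")
```

A target reported as not_queued before the restart means its entry is no longer in the value, so the file will not be removed at boot and has to be queued again.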

#10 abearden

Posted 07 October 2006 - 11:48 AM

The look.txt doc contains no text. Here's the Dr. Web readout:

Process.exe;C:\Documents and Settings\Andrew Bearden\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Andrew Bearden\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
Google Installer.exe\data002;C:\Documents and Settings\Andrew Bearden\Desktop\Unused Desktop Shortcuts\Google Installer.exe;Probably DLOADER.Trojan;;
Google Installer.exe;C:\Documents and Settings\Andrew Bearden\Desktop\Unused Desktop Shortcuts;Archive contains infected objects;Moved.;
ci.dll;C:\Program Files\Google\Google Updater\1.3.612.22906;Probably DLOADER.Trojan;Incurable.Will be moved after reboot.;
A0002517.OCX;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP12;Adware.Gdown;Incurable.Moved.;
A0005853.dll;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24;Adware.SearchColours;Incurable.Moved.;
A0005854.exe;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP24;Adware.SearchColours;Incurable.Moved.;
A0005994.exe;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP25;Tool.Prockill;Incurable.Moved.;
A0005996.exe;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP25;Tool.ShutDown.11;Incurable.Moved.;
A0006152.exe;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP25;Tool.Prockill;Incurable.Moved.;
A0006302.dll;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP26;Trojan.Mezzia;Deleted.;
A0006315.exe\data002;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP26\A0006315.exe;Probably DLOADER.Trojan;;
A0006315.exe;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP26;Archive contains infected objects;Moved.;
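
An added example, not part of the original post: a triage of the Dr.Web report format shown above (file;folder;threat;action;), separating hits on the live system from System Restore copies and flagging rows that still need attention. The rows are a subset copied from the post; the state names and function names are assumptions made for this example.

```python
import csv
import io
from collections import Counter

# Subset of the rows posted above, copied unchanged.
REPORT = r"""Process.exe;C:\Documents and Settings\Andrew Bearden\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
Google Installer.exe\data002;C:\Documents and Settings\Andrew Bearden\Desktop\Unused Desktop Shortcuts\Google Installer.exe;Probably DLOADER.Trojan;;
Google Installer.exe;C:\Documents and Settings\Andrew Bearden\Desktop\Unused Desktop Shortcuts;Archive contains infected objects;Moved.;
ci.dll;C:\Program Files\Google\Google Updater\1.3.612.22906;Probably DLOADER.Trojan;Incurable.Will be moved after reboot.;
A0002517.OCX;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP12;Adware.Gdown;Incurable.Moved.;
A0006302.dll;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP26;Trojan.Mezzia;Deleted.;
A0006315.exe\data002;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP26\A0006315.exe;Probably DLOADER.Trojan;;
A0006315.exe;C:\System Volume Information\_restore{E5F689B9-8C88-425A-878C-812257CD29D2}\RP26;Archive contains infected objects;Moved.;
"""


def parse_report(text):
    """Return one dict per row: name, folder, threat, action."""
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for rec in reader:
        if len(rec) < 4:  # blank or truncated line
            continue
        name, folder, threat, action = (field.strip() for field in rec[:4])
        rows.append({"name": name, "folder": folder,
                     "threat": threat, "action": action})
    return rows


def action_state(action):
    """Classify the action column of one row."""
    text = action.lower()
    if "after reboot" in text:
        return "pending_reboot"
    if any(word in text for word in ("moved", "deleted", "cured")):
        return "handled"
    return "unresolved"


def triage(text):
    """Add 'location', 'state' and 'path' to every parsed row."""
    rows = parse_report(text)
    # Pass 1: state of every ordinary file, keyed by full path. Rows for
    # objects inside an archive ("container\member") are listed before
    # their container, so the containers are collected first.
    container_state = {}
    for row in rows:
        if "\\" not in row["name"]:
            full = (row["folder"] + "\\" + row["name"]).lower()
            container_state[full] = action_state(row["action"])
    # Pass 2: classify every row.
    for row in rows:
        folder = row["folder"].lower()
        in_restore = "\\system volume information\\_restore" in folder
        row["location"] = "system_restore" if in_restore else "live"
        state = action_state(row["action"])
        if "\\" in row["name"]:
            member = row["name"].split("\\", 1)[1]
            row["path"] = row["folder"] + "\\" + member
            # A member row has an empty action; it inherits "handled"
            # when the archive that holds it was moved or deleted.
            if state == "unresolved" and container_state.get(folder) == "handled":
                state = "handled_with_container"
        else:
            row["path"] = row["folder"] + "\\" + row["name"]
        row["state"] = state
    return rows


def summarize(text):
    """Count rows per (location, state)."""
    return Counter((r["location"], r["state"]) for r in triage(text))


def follow_up(text):
    """Paths that are not yet dealt with: pending a reboot or unresolved."""
    return [r["path"] for r in triage(text)
            if r["state"] in ("pending_reboot", "unresolved")]


if __name__ == "__main__":
    for key, count in sorted(summarize(REPORT).items()):
        print(count, *key)
    print("follow up:", follow_up(REPORT))
```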

#11 abearden

Posted 07 October 2006 - 11:54 AM

I'm still getting a Winantivirus Pro popup in Mozilla as well.

#12 John_McKenna

Posted 08 October 2006 - 04:40 AM

Download Fixpath2.zip by Bill Stewart and extract the files to your C:\ drive to make C:\FIXPATH2

Open a command prompt window by going to Start > Run, type: cmd and click OK.

At the command prompt, type: cd C:\ and press Enter. You should get C:\>.

Then type: cd FIXPATH2 and press Enter to get C:\>fixpath2.

Then type: FIXPATH.EXE and press Enter.

It will display some preliminary information, and ask if it should continue and check for errors, click Yes.

If it successfully updates the Path value in the registry, you will need to reboot for the change to take effect.

====

Then download WinPFind2.exe to your Desktop and double-click on it to extract the files.

It will create a folder named WinPFind2 on your desktop.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings.
  • In the AddOn-Options group click the checkboxes for
    • HKCU_IEDesktop.def
    • Jobs.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.

#13 abearden

Posted 08 October 2006 - 12:08 PM

Nothing noticeable happened after running fixpath (I opened it a different way as the DOS prompt c:\> did not recognize cd FIXPATH2).

WinPFind2 would freeze upon running the Run All Scans option.

I am still getting a frequent popup on Firefox, several Trojan alerts from Norton, and after running the computer for about 10 minutes I can't open any folders on my desktop without going through Start>Run.

#14 John_McKenna

Posted 08 October 2006 - 12:45 PM

Can you run WinPFind in safe mode then please. Don't touch the machine at all while it's scanning.

#15 abearden

Posted 08 October 2006 - 04:40 PM

I didn't touch anything in Safe Mode and it still seems to not respond as soon as I click on Run All Scans. I let it run for 30 minutes and nothing happened...how long should it take?



