My Hjt Log


  • This topic is locked
17 replies to this topic

#1 knowledge24

  • Members
  • 13 posts

Posted 20 December 2006 - 03:27 PM

Here's a quick recap of what's been going on with my laptop the past few days:
-Last Saturday, I started receiving the NT Authority\Security shutdown messages.
-My Norton AV 2006 stopped its auto LiveUpdates and has now become useless for whatever reason.
-My taskbar goes missing every other session I log on.
-My Control Panel won't open from the Start menu (when the Start menu actually appears), and says something's wrong with netsetup.cpl.
-I searched around and tried Symantec's Worm Removal, but that came up negative.
-I tried Microsoft's Malware Removal tool, but that also came up negative.
-I used ATF Cleaner, Created/Flushed System Restore, downloaded/ran AVG Spy in Safe (clean, log is below), tried Panda and Spybot (both clean as far as I saw). AdAware, however, stalled after a short scan so I had to close it.


Logfile of HijackThis v1.99.1
Scan saved at 8:36:58 AM, on 12/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165695129722
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://connect.ibsys.com/dana-cached/setup/JuniperSetup.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-----UNINSTALL LIST-----

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Alps Pointing-device Driver
AOL Instant Messenger
Apple Software Update
ArcSoft Software Suite
Atheros Client Utility
AVG Anti-Spyware 7.5
Azureus
B's CLiP
ccCommon
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVD-RAM Driver
Eusing Free Registry Cleaner
HijackThis 1.99.1
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Internet Worm Protection
InterVideo WinDVD 4
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Works 7.0
Mozilla Firefox (2.0)
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
Notebook Maximizer
PeerGuardian 2.0
Plaxo Toolbar for Outlook and Outlook Express
Quicken 2004
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SharkPort 2
SoundMAX
SPBBC
Spybot - Search & Destroy 1.4
SurfHere by Toshiba
Symantec
Symantec Technical Support Web Controls
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Controls
TOSHIBA Display Devices Change Utility
TOSHIBA Fax Extension
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad On/Off Utility V2.05.00
TOSHIBA Utilities
Touch and Launch
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

Please help!

Edited by knowledge24, 20 December 2006 - 03:28 PM.


#2 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts

Posted 22 December 2006 - 07:34 PM

Hello knowledge24,

I am SifuMike and I will be helping you. :thumbsup:

I see you have also posted at GeeksToGo http://www.geekstogo.com/forum/index.php?s...=142408&hl=
Helpers on the Hijackthis forums at both sites are very busy, and by double posting, you take help away from others that need it.
Please go to GeeksToGo and tell them you are receiving help here.




I am not seeing any malware in your Hijackthis log, so we will look deeper.

You posted the UNINSTALL LIST but forgot to post the AVG Anti-Spyware 7.5 log in your previous post, so please post it. If you have to run it again to get the log, then be sure to run it in the Safe Mode and quarantine everything it finds.

***********************

You said AdAware stalled, so let's run it again, but this time in the Safe Mode.

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key. If that does not work, go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Run Adaware SE with a Full Scan in the Safe Mode.

Let it fix whatever it finds. :flowers:


Ad-Aware SE Setup

***********************

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.
Be patient, as the run time depends on the number of files on your computer. :huh:


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

***********************

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Notes:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.


***********************

Let's check your HOSTS file.

It's located at c:\windows\system32\drivers\etc\hosts.
You can open it up in Notepad.
If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it;
however, if there are others following 127.0.0.1 localhost, you may have to fix it.
Post it here if that's the case.

***********************

Post the AVG Anti-Spyware 7.5 log, the BitDefender log, the ComboFix log and Hosts file, if it looks bad.

Edited by SifuMike, 22 December 2006 - 10:42 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
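
The HOSTS check described in post #2, as an added example that is not part of the original thread or written by its participants: it parses a hosts file and lists every active entry other than the default `localhost` mapping. The function names, the "blocked"/"redirected" labels and the sample file contents are assumptions constructed for illustration.

```python
"""Audit a Windows HOSTS file for entries beyond the default localhost mapping."""
import ipaddress
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "line_no kind ip name")

# Constructed sample, not taken from the thread.
SAMPLE = """\
# Sample HOSTS file (constructed for this example)
#
127.0.0.1       localhost
127.0.0.1       liveupdate.example.com
0.0.0.0         update.example.net www.update.example.net  # two names, one line
203.0.113.7     bank.example.org
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every active (non-comment) line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        ip, *names = line.split()
        yield line_no, ip, names


def audit_hosts(text):
    """Return a Finding for each name that is not the default localhost entry.

    kind is one of:
      "blocked"    - name points at loopback or 0.0.0.0, so it cannot be reached
      "redirected" - name points at some other address
      "malformed"  - first field is not an IP address, or no hostname follows
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            addr = None
        if addr is None or not names:
            findings.append(Finding(line_no, "malformed", ip, " ".join(names)))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name.lower() == "localhost" and addr.is_loopback:
                continue  # the expected default entry
            kind = "blocked" if sinkhole else "redirected"
            findings.append(Finding(line_no, kind, ip, name))
    return findings


if __name__ == "__main__":
    # Pass the path from the post (c:\windows\system32\drivers\etc\hosts) as the
    # first argument; with no argument the constructed sample is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for f in audit_hosts(text):
        print(f"line {f.line_no}: {f.kind:<10} {f.ip:<15} {f.name}")
```

An empty result corresponds to the "you don't need to post it" case in the post. A finding is a line to review rather than a verdict, since some protective tools add blocking entries deliberately.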

#3 knowledge24

Posted 22 December 2006 - 07:57 PM

SifuMike,

Thanks for the response, I really appreciate the time you're taking with this.

A few changes have occurred since I posted this HJT log:
-I have uninstalled my Norton 2006 and installed AVG's AV program (ran the scan & it was clean...I'll run again when I get home to provide log)
-I did the Panda Online Scan and it found 54 traces of spyware (I'll provide the log, but if you want me to use BitDefender, I'll be more than happy to do that)

I'll basically start over using your instructions and have the reports later tonight.

Again, thanks so much for taking the time to check this out.

#4 SifuMike

Posted 22 December 2006 - 08:00 PM

Hi,

Please read my previous post again, as I just updated it. :thumbsup:

Be sure to tell GeeksToGo you are being helped here, otherwise we waste helpers' time.

Make sure you run AVG Anti-Spyware 7.5 (formerly Ewido) in the Safe Mode (not to be confused with AVG antivirus).

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
5. Click on "Save Report" to view all completed scans.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware 7.5

When done, submit the AVG Anti-Spyware 7.5 log.

Edited by SifuMike, 22 December 2006 - 08:09 PM.


#5 knowledge24

Posted 22 December 2006 - 08:12 PM

I asked to close the thread. I felt bad about double-posting, but I'm really concerned about the state of my laptop.

#6 SifuMike

Posted 22 December 2006 - 08:15 PM

Hi knowledge24,

That is OK. :thumbsup: The important thing is that we do want to tie up two Hijackthis helpers' time on the same problem.

#7 knowledge24

Posted 22 December 2006 - 09:57 PM

Before I go home to go through the list of stuff to do, I have to tell you that my taskbar doesn't appear on screen when I log on. Will that be an issue when I try to disable my antivirus program?

#8 SifuMike

Posted 22 December 2006 - 10:02 PM

Hi knowledge24,

You should be able to disable AVG antivirus without using the TaskBar.

Disabling AVG Antivirus is quite simple. Do the following:

In the bottom, right-hand corner of your Desktop is the System Tray and, within it, the AVG Antivirus icon.

Right click the AVG Antivirus icon and select Quit AVG Control Center from the menu.

Edited by SifuMike, 22 December 2006 - 10:04 PM.


#9 knowledge24

Posted 22 December 2006 - 10:07 PM

I can't get to my system tray either =(

#10 SifuMike

Posted 22 December 2006 - 10:11 PM

Hi Knowledge24,

Well, let's do a work around. :thumbsup:
Uninstall AVG antivirus, then run BitDefender as I described previously.

After BitDefender completes, then reinstall AVG antivirus. Do NOT browse the Internet without an antivirus program active or you will get infected.

Edited by SifuMike, 22 December 2006 - 10:23 PM.


#11 knowledge24

Posted 22 December 2006 - 10:16 PM

Okay, I'll do that. I should have all of this completed later tonight.

Thanks again!

Oh, I should run all of this in Safe Mode, correct?

Edited by knowledge24, 22 December 2006 - 10:17 PM.


#12 SifuMike

Posted 22 December 2006 - 10:47 PM

Read my previous posts. Run Adaware and AVG antispyware in the Safe Mode and post the logs.

In normal mode, run BitDefender, ComboFix and check the Hosts file (post it if it looks funny).

#13 knowledge24

Posted 23 December 2006 - 12:45 PM

Here are the logs you asked for. However, I should note the following:

-When I turn on my laptop, it takes a long time from the "Windows is starting up" screen to the screen with the user accounts.
-When I actually log on, my taskbar/start menu/system tray don't appear, and I get the NT AUTHORITY\SYSTEM countdown to shutdown (due to RPC being terminated unexpectedly).
-I tried to run Ad Aware in Safe mode and it stalled at 58,892 files scanned (the file it was on when scanned started with CSLID or something like that).
-My computer shows no indication of being logged on to the Internet (I have a wireless connection and I can't even get to Network Connections to put up the firewall or make any changes)

Anyhow, the logs:

Logfile of HijackThis v1.99.1
Scan saved at 9:36:31 AM, on 12/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165695129722
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://connect.ibsys.com/dana-cached/setup/JuniperSetup.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

UNINSTALL LIST

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Alps Pointing-device Driver
AOL Instant Messenger
Apple Software Update
ArcSoft Software Suite
Atheros Client Utility
AVG Anti-Spyware 7.5
Azureus
B's CLiP
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVD-RAM Driver
Eusing Free Registry Cleaner
HijackThis 1.99.1
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD 4
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Works 7.0
Mozilla Firefox (2.0)
Notebook Maximizer
Panda ActiveScan
PeerGuardian 2.0
Quicken 2004
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SharkPort 2
SoundMAX
Spybot - Search & Destroy 1.4
SurfHere by Toshiba
Symantec Technical Support Web Controls
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Controls
TOSHIBA Display Devices Change Utility
TOSHIBA Fax Extension
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad On/Off Utility V2.05.00
TOSHIBA Utilities
Touch and Launch
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

#14 knowledge24

Posted 23 December 2006 - 12:49 PM

BITDEFENDER

BitDefender Online Scanner

Scan report generated at: Sat, Dec 23, 2006 - 01:25:06
Scan path: C:\;D:\;

Statistics
Time: 01:13:28
Files: 531215
Folders: 4881
Boot Sectors: 2
Archives: 7204
Packed Files: 60196

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 357074
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: None
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
No virus found.



COMBOFIX (Should I run ComboFix from the other user account as well?)

Jermaine - 06-12-23 1:28:13.21 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Jermaine\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-23 to 2006-12-23 ))))))))))))))))))))))))))))))))))


2006-12-23 00:04 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-23 00:04 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-22 00:16 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-22 00:12 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-20 08:35 <DIR> d-------- C:\HJT
2006-12-19 22:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-19 09:14 <DIR> d-------- C:\Program Files\Grisoft
2006-12-16 14:30 <DIR> d-------- C:\Program Files\Symantec Technical Support
2006-12-16 10:03 <DIR> dr-h----- C:\Documents and Settings\Jermaine\Recent
2006-12-10 18:53 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-10 18:51 <DIR> d----c--- C:\WINDOWS\ie7
2006-12-10 18:47 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-09 16:37 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-12-09 14:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-09 14:04 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-09 12:56 <DIR> d-------- C:\WINDOWS\peernet
2006-12-09 12:42 <DIR> d-------- C:\WINDOWS\EHome
2006-12-09 10:07 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2006-12-09 10:07 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2006-12-09 10:07 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2006-12-09 10:07 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-12-09 10:07 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2006-12-09 10:07 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2006-12-09 10:07 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2006-12-09 10:07 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2006-12-09 10:07 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2006-12-09 10:06 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2006-12-09 10:06 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2006-12-09 10:06 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2006-12-09 10:06 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2006-12-09 10:06 73,796 --------- C:\WINDOWS\system32\slserv.exe
2006-12-09 10:06 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-12-09 10:06 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2006-12-09 10:06 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-12-09 10:06 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2006-12-09 10:06 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2006-12-09 10:06 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2006-12-09 10:06 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2006-12-09 10:06 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2006-12-09 10:06 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2006-12-09 10:06 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-12-09 10:06 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2006-12-09 10:06 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2006-12-09 10:06 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2006-12-09 10:06 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2006-12-09 10:06 32,866 --------- C:\WINDOWS\slrundll.exe
2006-12-09 10:06 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2006-12-09 10:06 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2006-12-09 10:06 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-12-09 10:06 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2006-12-09 10:06 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2006-12-09 10:06 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2006-12-09 10:06 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2006-12-09 10:06 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2006-12-09 10:06 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2006-12-09 10:06 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-12-09 10:06 20,992 --------- C:\WINDOWS\system32\bthci.dll
2006-12-09 10:06 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2006-12-09 10:06 188,508 --------- C:\WINDOWS\system32\slgen.dll
2006-12-09 10:06 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-12-09 10:06 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2006-12-09 10:06 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2006-12-09 10:06 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2006-12-09 10:06 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2006-12-09 10:06 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-12-09 10:06 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-12-09 10:06 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2006-12-09 10:06 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2006-12-09 10:06 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2006-12-09 10:06 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-12-09 10:06 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-12-09 10:06 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-12-09 10:06 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-12-09 10:06 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-12-09 10:06 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2006-12-09 10:06 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2006-12-09 10:06 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2006-12-09 10:06 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2006-12-09 10:06 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-12-09 10:06 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2006-12-09 10:06 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2006-12-09 10:06 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-12-09 10:05 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-12-09 10:05 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-12-09 10:05 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-09 10:05 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2006-12-09 10:05 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-12-09 10:05 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-12-09 10:05 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2006-12-09 10:05 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-12-09 10:05 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2006-12-09 10:05 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2006-12-09 10:05 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2006-12-09 10:05 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2006-12-09 10:05 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2006-12-09 10:05 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2006-12-09 10:05 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-12-09 10:05 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-12-09 10:05 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-12-09 10:05 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-12-09 10:05 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2006-12-09 10:05 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-12-09 10:05 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2006-12-09 10:05 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2006-12-09 10:05 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2006-12-09 10:05 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2006-12-09 10:05 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2006-12-09 10:05 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2006-12-09 10:05 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2006-12-09 10:05 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-12-09 10:05 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-12-09 10:05 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2006-12-09 10:05 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2006-12-09 10:05 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2006-12-09 10:05 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-12-09 10:05 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2006-12-09 10:05 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-12-09 10:05 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2006-12-09 10:05 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-12-09 10:05 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2006-12-09 10:05 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-12-09 10:05 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-12-09 10:05 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-12-09 10:05 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-12-09 10:05 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2006-12-09 10:05 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-12-09 10:05 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2006-12-08 08:56 <DIR> d-------- C:\Config.Msi
2006-12-08 08:44 <DIR> d-------- C:\Program Files\Canon
2006-11-24 18:46 3,274,480 --a------ C:\Documents and Settings\Jermaine\neoteris_read_3972145.reg
2006-11-24 16:26 3,274,480 --a------ C:\Documents and Settings\Jermaine\neoteris_read_14949315.reg


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-23 01:26 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-22 00:59 -------- d-------- C:\Program Files\WinRAR
2006-12-22 00:59 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-22 00:59 -------- d-------- C:\Program Files\QuickTime
2006-12-22 00:56 -------- d-------- C:\Program Files\ltmoh
2006-12-22 00:54 -------- d-------- C:\Program Files\Internet Explorer
2006-12-22 00:49 -------- d-------- C:\Program Files\Apoint2K
2006-12-22 00:49 -------- d-------- C:\Program Files\AIM
2006-12-21 23:43 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-21 22:06 -------- d-------- C:\Program Files\Plaxo
2006-12-17 21:30 -------- d-------- C:\Program Files\Outlook Express
2006-12-17 21:30 -------- d-------- C:\Program Files\Common Files\System
2006-12-16 18:27 -------- d-------- C:\Program Files\Common Files
2006-12-16 18:08 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-12-16 10:05 -------- d-------- C:\Documents and Settings\Jermaine\Application Data\Azureus
2006-12-15 10:45 -------- d-------- C:\Program Files\PeerGuardian2
2006-12-13 22:11 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-10 23:01 -------- d-------- C:\Program Files\Messenger
2006-12-09 12:56 -------- d-------- C:\Program Files\Windows Media Player
2006-12-09 12:56 -------- d-------- C:\Program Files\Movie Maker
2006-12-09 12:52 -------- d-------- C:\Program Files\Windows NT
2006-12-09 12:52 -------- d-------- C:\Program Files\NetMeeting
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-26 18:15 -------- d-------- C:\Program Files\Java
2006-11-16 22:14 -------- d-------- C:\Documents and Settings\Jermaine\Application Data\DivX
2006-11-16 07:03 -------- d-------- C:\Program Files\DivX
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-05 15:18 -------- d-------- C:\Documents and Settings\Jermaine\Application Data\AdobeUM
2006-11-05 15:15 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 11:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 11:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 11:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 11:04 635486 --a------ C:\WINDOWS\system32\DivX.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"TFNF5"="TFNF5.exe"
"PadTouch"="\"C:\\Program Files\\TOSHIBA\\PadTouch\\PadExe.exe"
"TPSMain"="TPSMain.exe"
"TFncKy"="TFncKy.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"B'sCLiP"="C:\\PROGRA~1\\B'SCLI~1\\Win2K\\BSCLIP.exe"
"Pinger"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe /run"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,92,00,00,00,00,00,00,00,6e,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-23 1:29:07.79
C:\ComboFix.txt ... 06-12-23 01:29



AVG ANTI-SPYWARE

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:09:48 AM 12/23/2006

+ Scan result:



:mozilla.253:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.254:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.255:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.256:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.257:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.258:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.259:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.260:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.261:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.262:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.263:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.264:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.265:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.266:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.267:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.336:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.340:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.361:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.519:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.540:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.559:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.690:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.695:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.175:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.182:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.183:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.184:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.185:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.186:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.188:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.189:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.190:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.191:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.192:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.193:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.194:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.195:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.196:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.197:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.198:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.199:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.200:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.201:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.202:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.203:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.89:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.90:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Mareden\Cookies\mareden@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.214:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.215:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.121:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.29:C:\Documents and Settings\Mareden\Application Data\Mozilla\Firefox\Profiles\1m7yw2e7.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.6:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.783:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.13:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.16:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.18:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.7:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.169:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.170:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.171:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.232:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Mareden\Cookies\mareden@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Mareden\Cookies\mareden@techrepublic.com[2].txt -> TrackingCookie.Com : No action taken.
:mozilla.155:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.156:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.157:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.158:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.22:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.204:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.209:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.210:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.211:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.212:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.213:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.24:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.25:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.26:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.132:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.172:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.174:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.44:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.46:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.47:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.48:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.49:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.50:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.415:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.756:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.757:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.148:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.578:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.205:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.206:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.207:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.208:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Mareden\Cookies\mareden@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.216:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.217:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.218:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.625:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.240:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.241:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.242:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.243:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.244:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.245:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.246:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.247:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.248:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Mareden\Cookies\mareden@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.328:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.630:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.631:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.632:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.633:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.634:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Mareden\Cookies\mareden@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.347:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.348:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.286:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.11:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.15:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Mareden\Cookies\mareden@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.672:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.673:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.674:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.675:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.676:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.677:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.678:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.679:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.10:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.17:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.23:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.8:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.9:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Mareden\Cookies\mareden@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.620:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.621:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.622:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.623:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.624:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.109:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.143:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.144:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.145:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.92:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.93:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.94:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Jermaine\Cookies\jermaine@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end


HOST FILE

#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost




Thanks for helping me. I look forward to your recommendations.

#15 SifuMike

Posted 23 December 2006 - 01:30 PM

Hi knowledge24,

I tried to run Ad Aware in Safe mode and it stalled at 58,892 files scanned (the file it was on when scanned started with CSLID or something like that).



There are a number of possible reasons behind this problem. To correct:

* First, update to Build 1.06 and download the latest definition file if you have not done so.

* Second, it is highly recommended that you run a disk defragmentation on your computer, then a thorough “Check” or “Scan Disk” depending on your Windows version. Try scanning in safe mode.

* Third, start Ad-Aware scan from the Windows command line. Do as follows:

    o Click "Start", then "Run". Next, type the text shown below (including the quotation marks and with the same spacing as shown) for your version of Ad-Aware SE:

    "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
    "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
    "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

    o Click “OK”.

    o Note: The path above (between the quotes) is the default location of Ad-Aware SE. If you installed your Ad-Aware to a different directory, adjust the path accordingly. For Ad-Aware SE Personal, when the GUI launches, click “Start”, then “Full System Scan”. Click “Next”, then “OK”.

    o When the scan is complete, select “Next”. In the “Scanning Results” window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove, then click “Next”, then “OK”.

* If you still have problems, cancel before the scan reaches the point of stalling -- for example, after 20 objects are detected. Click “Cancel” on your log file. Remove any objects you want and rescan. Again, stop the scan before it reaches the point of stalling and remove any additional objects. Then try a full scan without stopping it. This should work for you now.


The Hosts file looks good, as does the BitDefender Online scan.


mozilla.253:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.254:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.255:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.256:C:\Documents and Settings\Jermaine\Application Data\Mozilla\Firefox\Profiles\z3hgxzzk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.


The AVG anti-spyware log shows you did not quarantine everything found. :thumbsup:
Please run AVG anti-spyware again in the Safe Mode. When the scan has finished, you will be presented with a list of infected objects found.
Click "Apply all actions" to place the files in Quarantine.
Click on "Save Report" to view all completed scans.
Post the log.

Should I run ComboFix from the other user account as well?


No, not yet.

This is the first time you have mentioned you have other accounts on this computer, so that leads me to believe that you may have an infection on one or both of the other accounts. Each account is a source of infection and needs a separate Hijackthis log.

How many other accounts do you have?

Please post a Hijackthis log for the other user account(s).
Working with more than one Hijackthis log is confusing, so be sure to tell me which account they are from.

BTW, do you have the Windows Install CD that came with your computer? You may have damaged Windows files and the Windows Install CD will repair them. Mine is labeled "Reinstallation CD MicroSoft Windows XP Home Edition"

Edited by SifuMike, 23 December 2006 - 02:14 PM.
