Hi, anyone willing to help a newbie?
Ok I'll do my best, but this is my first time.
I recently encountered a virus disguised as "media-codec 4.0".
I tried to uninstall with Add/Remove, and it told me to restart my computer.
After restarting my computer, it was still there. It said something along the lines of "not found" and disappeared from the list.
I then went to another item that came from the virus (it had also told me to restart), and I tried to remove it. It said "access denied, see your system admin". It too then vanished from the list.
I'm sorry I cannot name them as it was some time ago.
After some time of using Spybot and my antivirus to no avail, I decided upon a system restore, to the previous day. All seemed to be going well, until after finally starting up I noticed a message labeled "Windows Security Alerts".
Apparently my antivirus' auto-protect has been disabled.
When I click "Enable Auto-Protect" nothing happens.
When I try to scan it says "Symantec AntiVirus could not access the scan engine. Please ensure the product is properly installed."
I suppose now would be a good time to note that I am using Symantec AntiVirus Corporation Edition. Version 9.0.3.1000
I tried repairing the installation. It did not change the situation.
I tried reinstalling, no change.
The only other spyware/antivirus I have attempted is Spybot. It could not remove a particular file. I told it to run upon the next startup, hence the excruciatingly long start upon system restore.
I know whatever I've said has been ill-presented. I would appreciate any help given, especially concerning this message: "Symantec AntiVirus could not access the scan engine. Please ensure the product is properly installed."
Thank you.
Hi Meddle, welcome to Short-Media! :)
I need to see a HijackThis log.
Click here (http://www.thespykiller.co.uk/files/HJTSetup.exe) to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Copy and paste the log here.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Thank you for your quick response. Here is the log.
Logfile of HijackThis v1.99.1
Scan saved at 8:25:22 AM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\laurier's net drive\wdService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sympatico.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Programs\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Programs\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Evan\Games\EmpirePoker\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Evan\Games\EmpirePoker\EmpirePoker\RunEPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Evan\Games\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Evan\Games\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Colin\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Evan\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Evan\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/279b093be887392cb623/netzip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F85AEFD-141E-4C31-8CBD-1E56F2226BB9}: NameServer = 67.69.184.151 206.47.244.57
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - c:\program files\laurier's net drive\wdService.exe
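Added example, not part of the original thread: a small Python triage pass over a HijackThis log like the one posted above, listing entries marked "(file missing)" or "(no file)", entries with "(no name)", and CLSIDs registered under more than one section. The function names are hypothetical, the sample lines are copied from the log above, and treating a quote inside the target path as "verify by hand" is a heuristic assumption.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Entry lines start with a section code such as R3, F2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing marker HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")


def parse_entries(log_text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, blank line or running-process path
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        orphan = ORPHAN_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            # CLSIDs are case-insensitive; normalise so they can be compared.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
            "unnamed": "(no name)" in body,
            # Heuristic (assumption): a quote in an orphaned target suggests the
            # path was checked with arguments attached, so verify it by hand.
            "path_has_args": orphan is not None and '"' in body,
        })
    return entries


def triage(entries):
    """Group entries for review; nothing here decides what is malicious."""
    report = {"orphaned": [], "verify_manually": [], "unnamed": []}
    by_clsid = defaultdict(list)
    for e in entries:
        if e["orphan"]:
            key = "verify_manually" if e["path_has_args"] else "orphaned"
            report[key].append(e)
        if e["unnamed"]:
            report["unnamed"].append(e)
        if e["clsid"]:
            by_clsid[e["clsid"]].append(e["code"])
    # The same CLSID under several sections is one component to review once.
    report["shared_clsids"] = {
        c: codes for c, codes in by_clsid.items() if len(codes) > 1
    }
    return report


if __name__ == "__main__":
    report = triage(parse_entries(SAMPLE_LOG))
    for key in ("orphaned", "verify_manually", "unnamed"):
        print(key)
        for e in report[key]:
            print("  ", e["code"], "-", e["body"])
    print("shared_clsids", report["shared_clsids"])
```

An orphaned entry is a leftover registration, not proof of infection, so the output is a review list rather than a fix list.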
Thanks for the logs...please do this:
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
=====
I would like to see another log from HijackThis. Run Hijackthis.
Click on Open the Misc Tools section.
Next click on Open uninstall manager.
Press the Save list button. It will open a Notepad file.
Copy & Paste the entire contents of that file in your next post.
=====
Please post the following:
1) Contents of C:\rapport.txt
2) Uninstall list
SmitFraudFix v2.84
Scan done at 8:43:38.28, Sat 09/09/2006
Run from C:\Documents and Settings\Colin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Colin\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Colin\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Absolute Poker
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.8
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Funhouse
ArcSoft PhotoBase 3
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
Ares 1.8.1
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Audacity 1.2.3
Blasterball 2 Holidays (Free with Game Console - WildGames)
CD to MP3 Maker
Clue
CodeBaby Player (Remove Only) 1.0.2.15
Collage Creator
Conquer1.0
Continuum 0.39
CyberTweak Version 1.3 Final
DAEMON Tools
Dan Elwell's Broadband Speed Test
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
DefilerPak 1.19 (Remove Only)
Digital Photo Navigator 1.5
Direct Show Ogg Vorbis Filter (remove only)
DirectX Media Runtime 5.1
DivX Player
DivX Pro Trial
Doom 3 DVD
Easy CD-DA Extractor 7.1
EmpirePoker
eMusic - 50 Free MP3 offer
Exact Audio Copy 0.95b4
Final Fantasy VII - Ultima Edition
FlashGet(JetCar)
foobar2000
Free CD to MP3 Converter
Game Console - WildGames
GamesGrid Poker
Google Desktop Search
Google Earth
Google Toolbar for Internet Explorer
Google Video Player
Hamachi 0.9.9.9
Hero Editor V0.80
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
HyperLoad - Multiplayer Billiards
IKEA Home Planner Kitchen
Intel(R) PRO Network Adapters and Drivers
InterActual Player
Internet Explorer Security Plugin 2006
Internet Security Add-On
InterPoker
iPod for Windows 2006-01-10
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Kazaa Lite K++ v2.4.2
Lexmark X74-X75
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Magic Online
Matroska Pack - Lazy Man's MKV 0.93 (2004-10-28)
MEGA PIXEL DSC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
mkw Audio Compression Toolkit
Mozilla Firefox (1.0.7)
MSN Gaming Zone
MSXML 4.0 SP2 Parser and SDK
Nero 6 Ultra Edition
NetAssistant
NetDrive
O&O Defrag Professional Edition
Ogg Converter
OpenMG Limited Patch 3.2-03-01-31-01
OpenMG Limited Patch 3.2-03-02-07-01
OpenMG Secure Module 3.2
Opera
Palmcorder USB Device Driver 2.00
Panda ActiveScan
PartyPoker
Photolab - Windows XP Online Order Wizard
Power MP3 WMA Converter 2006, (ver 3.0)
Power Tab Editor 1.7
PowerDirector Express
PowerDVD
PowerProducer
Public Messenger ver 2.03
QuickTime
Real Alternative 1.48
RealArcade
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Skype 2.0
Soulseek Client 152
SoundMAX
SpeedOptimizer
Spybot - Search & Destroy 1.3
Symantec AntiVirus
TeamSpeak 2 RC2
The Print Shop Premier Edition 5.0
UltimateBet
UltimateBuddy
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
USB Driver for Panasonic DVC
Ventrilo Client
VideoLAN VLC media player 0.8.2
Viewpoint Media Player
WC3Banlist
Winamp (remove only)
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows SA
Windows SR 3.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.1
WinRAR archiver
Xfire (remove only)
XviD MPEG-4 Video Codec
Yahoo! Install Manager
Yahoo! Messenger
Zoom Player (remove only)
Hi Meddle! Can you do the following please...
Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:
eMusic - 50 Free MP3 offer
Spybot - Search & Destroy 1.3 << old version. We'll get the new one later.
Viewpoint Media Player
=====
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply, along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Sorry for the late response, restarting now.
Here it is:
SmitFraudFix v2.84
Scan done at 9:37:49.39, Sat 09/09/2006
Run from C:\Documents and Settings\Colin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 9:43:41 AM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\laurier's net drive\wdService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Programs\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Programs\Intertops Poker\IntertopsPoker.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Evan\Games\EmpirePoker\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Evan\Games\EmpirePoker\EmpirePoker\RunEPoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Evan\Games\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Evan\Games\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Colin\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Evan\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Evan\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/279b093be887392cb623/netzip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F85AEFD-141E-4C31-8CBD-1E56F2226BB9}: NameServer = 67.69.184.151 206.47.244.57
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - c:\program files\laurier's net drive\wdService.exe
I ran spybot after installing v1.4
It removed everything it found successfully.
I restarted my computer to see if there was any change, there wasn't.
My antivirus' auto-protect is still disabled, and I am still unable to perform any scans.
edit:
The scan after the restart detected the same problem as before, Windows Security Center.AntiVirusDisableNotify, which was allegedly fixed.
After reading the details (yay again for 1.4...)
Company: Microsoft
Product: Windows Security Center
Threat: Changed Security Center Settings
Company product URL:
_http://forums.net-integration.net/index.php?showtopic=32260_
Functionality
This entry only wants to bring to your attention that "someone" has disabled one or more notifications in the Windows security center.
If you’ve changed the settings yourself you can safely tell Spybot to exclude those detections from further searches. In order to do this please right click on each in turn, then click "exclude this detection from future searches". That way, should any other part of security center settings change Spybot will still detect those. For more information please visit our forum linked above.
"Windows Security Center.AntiVirusDisableNotify", if this is found, the Security Center does not notify about the antivirus software.
This could have been disabled by your antivirus software to avoid double notifications. If your antivirus software is up and running, you can ignore this detection.
It seems it is less of a problem on its own. Good luck to whomever is trying to discern and fix the source.
edit:
Updates were unable to be successfully installed
The following updates were not installed:
Office XP Service Pack 3
>(
Meddle
10 Sep 2006, 9:53am
Ok.... I woke up and found out Auto-Protect was somehow enabled and I didn't have windows bugging me about it.
Excited, I quickly attempted to scan the hard drive.
!! Symantec AntiVirus could not access the scan engine. Please ensure the product is properly installed.
At this point I'm desperate for any help that isn't reformatting.
Trogan
10 Sep 2006, 10:15pm
Hi Meddle! Sorry for the delay. Can you do the following please...
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: (no name) - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - (no file)
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HijackThis
About your Norton problem, has the situation changed? I believe this is a software problem more than a malware problem.
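The entries picked for fixing in the post above are ones HijackThis itself reported as having no file or value behind them. The Python script below is an added example (not part of the thread and not HijackThis code) that applies the same triage to log lines copied from this thread. The tag names and the rule that a "missing" path still containing quotes or an unexpanded %VAR% should be checked by hand are assumptions of this example, and no tag by itself means an entry is malicious.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log and the fix list in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# A log entry is "<section code> - <entry text>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# An environment variable that was never expanded, e.g. %ProgramFiles%.
ENV_VAR_RE = re.compile(r"%[A-Za-z0-9_()]+%")


class Finding(NamedTuple):
    code: str   # HijackThis section code, e.g. "O23"
    tag: str    # triage label assigned by classify()
    entry: str  # entry text after the section code


def classify(code: str, body: str) -> str:
    """Return a triage tag for one entry, or "" when nothing stands out."""
    for marker in ("(file missing)", "(no file)"):
        if body.endswith(marker):
            # The last " - " separated field is the path that was looked up.
            target = body[: -len(marker)].rstrip().rsplit(" - ", 1)[-1]
            # Quotes, switches or %VAR% left in the path suggest the whole
            # command line was tested as a file name: verify it by hand
            # before treating the entry as a leftover.
            if '"' in target or ENV_VAR_RE.search(target):
                return "unparsed-command-line"
            return "orphaned"
    if code.startswith("R") and body.endswith("is missing"):
        return "missing-value"
    if code == "O23" and " - Unknown owner - " in body:
        # The service binary exists but no company name is reported for it.
        return "unknown-owner"
    return ""


def triage(log: str) -> List[Finding]:
    """Collect every entry in the log that received a triage tag."""
    findings = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # blank lines, log header, surrounding forum text
        code, body = match.groups()
        tag = classify(code, body)
        if tag:
            findings.append(Finding(code, tag, body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.tag:22} {finding.code:4} {finding.entry}")
```
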
Meddle
11 Sep 2006, 1:40am
I did as you instructed.
I have a feeling my anti-virus malfunction has something to do with the system restore I performed. The fact that reinstalling doesn't fix it is what has me concerned. The most strange part of all is when the auto-protect suddenly started to work.
Also, should I be worried that I can't install LiveUpdates?
Specifically service pack 3.
Trogan
11 Sep 2006, 2:03pm
I'm not sure what is going on with Norton. You may want to try the Software Forum here and see if you get any help there.
Can you do these scans please:
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
=====
You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!
Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install Ewido by double clicking the installer.
Follow the prompts. Make sure that Launch Ewido is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Note: If the Update now option is grayed out, follow the steps below.
Click on Update on the toolbar.
Under Manual update, click on the Start Update button.
Wait until you see the Update successful message.
Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Log in to your usual account.
Once in Safe Mode:
Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img86.imageshack.us/img86/4586/scan1nx.jpg
When done, click the Save Scan Report button.
Click the Save Report as button.
Save the report to your Desktop.
Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
=====Reboot back into Normal Mode=====
Please do an online scan with Panda ActiveScan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm)
- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
=====
Please post the following:
1) Ewido log
2) Panda report
Meddle
12 Sep 2006, 11:43am
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:18:23 AM 9/12/2006
+ Scan result:
HKU\S-1-5-21-1417001333-706699826-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4508E20C-ACAD-11D2-9FC0-00550076E06F} -> Adware.2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-706699826-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4508E20C-ACAD-11D2-9FC0-00550076E06F} -> Adware.2Search : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bargain Buddy -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Colin\Application Data\ower.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dνdplay.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\unregister.exe -> Adware.VB : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\MP3G5SN2\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.278:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.229:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.362:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.363:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.375:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.387:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.415:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.548:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nx99jzz9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Colin\Application Data\Mozilla\Profiles\default\3z5urcma.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Colin\Application Data\Mozilla\Profiles\default\3z5urcma.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\xikr65em.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
::Report end
Meddle
12 Sep 2006, 11:43am
Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Colin\Desktop\SmitfraudFix\Process.exe
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Evan\Cookies\evan@64.62.232[3].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Evan\Cookies\evan@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Evan\Cookies\evan@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Evan\Cookies\evan@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Evan\Cookies\evan@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Evan\Cookies\evan@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Evan\Cookies\evan@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Evan\Cookies\evan@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Evan\Cookies\evan@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Evan\Cookies\evan@i.screensavers[1].txt
Spyware:Cookie/TouchClarity Not disinfected C:\Documents and Settings\Evan\Cookies\evan@intercasino.touchclarity[1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Evan\Cookies\evan@www.advnt01[1].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Evan\Cookies\evan@www.seeq[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Evan\Cookies\evan@www48.seeq[1].txt
Trogan
13 Sep 2006, 5:18pm
Thanks for the logs. You can delete SmitfraudFix as it is not needed anymore.
Is Norton still giving you trouble?
Meddle
14 Sep 2006, 11:08pm
Yes. Remember when I said the auto-protect was, supposedly, enabled? It's disabled again... Of course, my guess is it was disabled all along.
Aside from these two things, my computer is running perfectly.
Norton does not work, and I can't install automatic updates.
Panda found infected files, how am I to deal with these?
Btw, I have downloaded Antivir recently.
Trogan
15 Sep 2006, 4:46pm
Panda only found cookies, which are harmless and that is why I didn't ask you to do anything about them. However, you can manually delete them if you want.
Yes, I remember you telling me that you thought Norton auto-protection was enabled.
Here's the important part.
You should not be running TWO Anti-Virus programs together as they can cause more problems such as computer slowdowns, instability or even system crashes.
You need to keep one, and uninstall the other. As you're having problems with Norton, I would suggest its removal. Norton is not all that good and slows your computer down. I have AntiVir, and it's a great Anti-Virus program to have. :D
Let me know if you want to remove Norton, and I will give you specific instructions for its removal. :)