Random pop-ups and warnings (hijack this log) (RESOLVED)

  1. 21-08-2006  #1
    blaqhawk
    blaqhawk is offline Newbie

    Angry Random pop-ups and warnings (hijack this log) (RESOLVED)

    My laptop has random pop-ups that come up every 30 min. or so. Each of these are either a "get laid today", "poker online", or "download [spyware protector]" pop-up (they're the same ones all the time). I also get "critical system error" warnings that warn me of spyware being on my computer and to immediately download software for it.

    I also get the little yellow box that pops up on my start bar's task menu that "warns" me of spyware of viruses and tells me to download anti-spyware.

    Earlier today I wasn't connected to the internet and a popup came up, but since it couldn't connect, it showed "Action cancelled". So wondering where it originates, I right cliked on it and clicked on properties, and looked at the target which said: res://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm#http://xyzgate.com/gatevc.php?pn=srch0p16total7s2

    anyway, this is my hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:00:54 PM, on 8/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\IntCodec\isamonitor.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\Program Files\IntCodec\pmmon.exe
    C:\Program Files\IntCodec\isamini.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\dla\DLACTRLW.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\BearShare\BearShare.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\CursorXP\CursorXP.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\Documents and Settings\owner\My Documents\Anti-Spyware\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R3 - URLSearchHook: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\IntCodec\isaddon.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.e xe" /StartupJobs
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

  3. 21-08-2006  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    You appear to running two (2) real-time antivirus tools (McAfee and AVG) at the same time. Since they will likely compete or interfere with each other, you should disable or uninstall one of them.




    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.
    DO NOT RUN ANY OTHER OPTIONS UNTIL REQUESTED TO.


    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
  4. 21-08-2006  #3
    blaqhawk
    blaqhawk is offline Newbie
    Thanks for the help!

    Here is the log you requested:

    SmitFraudFix v2.81

    Scan done at 13:15:47.53, Mon 08/21/2006
    Run from C:\Documents and Settings\owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\IntCodec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
  5. 21-08-2006  #4
    VopThis
    VopThis is offline Senior Member (Canada)
    STEP # 2 - Cleaning

    Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.



    Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).
    • Click the Download BUTTON. On the next page click the Download now BUTTON.
    • Save and then install (Run) from the save location.
    • Open/Run ewido anti-spyware
    • Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:

    • Click on the Update now LINK at the top of the window
      • Click on the Start update button
      • Wait for the update to download and install
  6. This is very important to get the LATEST updates
  7. Click on the Status ICON
    • Under "Your computers Security"
      Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
  8. Click on the Scanner ICON at the top of the window
  9. Click on the Settings tab then select Recommended Actions and choose Quarantine
  10. When updating has finished. Close Ewido.



    11. We will be using this tool in a later step.




    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________

    Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
    ______________________________

    Clean out your Temporary Internet files. Proceed like this:
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


    ______________________________

    Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan:
    • Click on the default Status ICON and select the Scan now LINK.

      OR

    • Click on the Scanner ICON . Select the Scan TAB.

      • Select Complete System Scan. Ewido will now begin to scan your system.

    • If Ewido finds anything it will list them in the Preview WINDOW:
      • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
      • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).

    • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
    • Copy and paste the EWIDO scan results into your next post.
    • Close Ewido.


    ______________________________

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #3 - Delete Trusted zone by typing 3 and press Enter
    Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.


    ______________________________
    Reboot in Normal Mode.

    Please post (preferably not file attachments, please):
    1. c:\rapport.txt
    2. Ewido log
    3. A new HijackThis log
  • 22-08-2006  #5
    blaqhawk
    blaqhawk is offline Newbie
    Okay I follwed all the steps and here are the requested txt files:

    Rapport:

    SmitFraudFix v2.81

    Scan done at 13:15:58.65, Tue 08/22/2006
    Run from C:\Documents and Settings\owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    Ewido Scan report:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:57:12 PM 8/22/2006

    + Scan result:



    HKU\S-1-5-21-2405467465-3533330566-3834267807-1005\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : No action taken.
    HKU\S-1-5-21-2405467465-3533330566-3834267807-1005\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{5753791B-F607-48CA-814E-91C14D081F9E} -> Adware.Generic : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Security Add-On -> Adware.IntCodec : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Public Messenger ver 2.03 -> Adware.IntCodec : No action taken.
    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : No action taken.
    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : No action taken.
    C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : No action taken.
    :mozilla.100:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.101:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.102:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.103:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.104:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.105:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.106:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.107:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.108:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.109:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.110:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.111:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.654:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.707:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.89:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.90:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.91:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.92:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.93:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.94:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.95:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.96:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.97:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.98:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.99:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.401:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Aavalue : No action taken.
    :mozilla.557:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Aavalue : No action taken.
    :mozilla.558:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Aavalue : No action taken.
    :mozilla.559:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Aavalue : No action taken.
    :mozilla.560:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Aavalue : No action taken.
    :mozilla.784:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Aavalue : No action taken.
    :mozilla.785:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Aavalue : No action taken.
    :mozilla.786:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Aavalue : No action taken.
    :mozilla.233:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.234:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.235:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.404:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.287:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.288:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.289:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.290:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.291:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.292:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.387:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.388:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.155:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.157:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.158:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.159:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.161:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.18:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.370:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.771:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Bridgetrack : No action taken.
    :mozilla.772:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Bridgetrack : No action taken.
    :mozilla.773:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Bridgetrack : No action taken.
    :mozilla.364:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Burstbeacon : No action taken.
    :mozilla.281:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.282:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.286:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.71:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.72:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.73:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.74:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.75:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.465:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Clickbank : No action taken.
    :mozilla.756:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Clickhype : No action taken.
    :mozilla.295:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.296:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.298:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.299:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.306:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.20:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.225:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.226:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.227:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.228:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.229:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.230:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.231:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.51:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.52:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.53:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.54:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.55:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.56:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.57:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.58:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.59:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.60:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.528:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Findwhat : No action taken.
    :mozilla.769:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Goclick : No action taken.
    :mozilla.770:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Goclick : No action taken.
    :mozilla.279:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.861:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.254:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.255:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.256:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.257:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.302:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.565:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Hotlog : No action taken.
    :mozilla.796:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.797:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.798:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.799:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.800:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.21:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.22:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.743:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
    :mozilla.744:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
    :mozilla.811:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.812:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.813:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.814:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.36:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.661:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.258:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.259:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.260:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.261:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.262:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.263:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.669:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Qksrv : No action taken.
    :mozilla.670:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Qksrv : No action taken.
    :mozilla.61:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.62:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.63:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.687:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Revenue : No action taken.
    :mozilla.688:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Revenue : No action taken.
    :mozilla.689:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Revenue : No action taken.
    :mozilla.356:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.357:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.358:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.359:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.360:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.361:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.362:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.363:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.307:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.308:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.309:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.310:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.478:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.479:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.480:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.481:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.482:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.483:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.484:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.485:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.486:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.487:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.488:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.489:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.490:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.491:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.492:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.493:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.494:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.495:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.881:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.882:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.883:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.562:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Starware : No action taken.
    :mozilla.563:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Starware : No action taken.
    :mozilla.824:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Starware : No action taken.
    :mozilla.311:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.312:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.313:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.314:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.315:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.316:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.317:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.318:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.319:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.320:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.321:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.322:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.323:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.324:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.325:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.326:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.327:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.328:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.329:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.330:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.331:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.332:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.333:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.334:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.335:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.336:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.337:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.338:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.339:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.340:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.341:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.344:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.345:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.346:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.347:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.348:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.349:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.350:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.351:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.352:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.353:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.354:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.355:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.23:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.24:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.25:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.26:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.27:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.762:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.199:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tracking101 : No action taken.
    :mozilla.200:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tracking101 : No action taken.
    :mozilla.31:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.212:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.213:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.214:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.215:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.216:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.217:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.218:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.219:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.139:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.140:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.141:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.142:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.143:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.144:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.145:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.146:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.147:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.148:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.149:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.150:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.151:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.152:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.748:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Yadro : No action taken.
    :mozilla.114:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.115:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.116:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.117:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.118:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.119:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.120:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.209:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.210:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.211:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\plgiy2wx.default\coo kies.txt -> TrackingCookie.Zedo : No action taken.


    ::Report end

    Hijack this (new):

    Logfile of HijackThis v1.99.1
    Scan saved at 3:00:38 PM, on 8/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Documents and Settings\owner\My Documents\Anti-Spyware\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R3 - URLSearchHook: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.e xe" /StartupJobs
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
  • 23-08-2006  #6
    VopThis
    VopThis is offline Senior Member (Canada)
    Your Ewido scan found lots of malware which shows 'No action taken'. You need to re-run that that scan and 'quarantine' everything it finds.



    Your latest HijackThis log is much shorter than your first log. Did you produce that log in SAFE MODE rather than in NORMAL MODE? In particular, your 'running processes' no longer show ANY realtime antivirus (AV) tool running (I only suggested disabling or removing one of them). A PC without an active AV tool is not likely to remain healthy for long.



    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
  • 24-08-2006  #7
    blaqhawk
    blaqhawk is offline Newbie
    Here is my newest Hijack log, just taken:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:06:52 PM, on 8/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\dla\DLACTRLW.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\BearShare\BearShare.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    C:\Documents and Settings\owner\My Documents\Anti-Spyware\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R3 - URLSearchHook: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.e xe" /StartupJobs
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

    I am running AVG software as a realtime protector. Do you recomend running Ewido as realtime?

    Yes!!! I don't have anymore annoying pop ups! or warnings!!!!!

    Thank you for all your help!! this is so nice! (My computer even starts faster!)
    Thanks again, you made my day

    I'll stay tuned if you have any other things I need to do.
  • 24-08-2006  #8
    VopThis
    VopThis is offline Senior Member (Canada)
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    You still have remaining, unnecessary running components of McAfee showing in your HijackThis log. Did you use the McAfee Uninstaller in Control Panel?



    Your system has an outdated version of Sun Java that could create serious security exposure issues for your PC.

    Update your Java.

    Older JAVA versions have vulnerabilities that malware can and are using to infect systems.

    Please follow these steps to remove older version Java components.
    • Close any programs you may have running, ESPECIALLY your web browser
    • Click Start > Control Panel.
    • Click Add/Remove Programs.
    • Check any item with Java Runtime Environment (JRE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove all versions of Java.
    • Reboot your computer once all Java components are removed.

    Download the latest version of Java Runtime Environment, and install it to your computer.


    New Version should show as (HijackThis log):

    C:\Program Files\Java\jre1.5.0_08




    If Ewido continues to encounter non-cookie items, I would seriously suggest that it is best to have their real-time protection running (good trojan detection capabilities). It is much better to prevent as much as possible than to have to remove items after the fact.



    Post your latest HijackThis log.
    Last edited by VopThis; 24-08-2006 at 12:46 PM.
  • 24-08-2006  #9
    blaqhawk
    blaqhawk is offline Newbie
    Okay, I've fully unintalled McAfee and Java, and reinstalled Java.

    Here is my latest Hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:57:09 PM, on 8/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\dla\DLACTRLW.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\BearShare\BearShare.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\owner\My Documents\Anti-Spyware\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R3 - URLSearchHook: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.e xe" /StartupJobs
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe


    Thanks again for the help
  • 25-08-2006  #10
    VopThis
    VopThis is offline Senior Member (Canada)
    Save 20% on AVG Internet Security 2012 Suite!
    Ok - your HijackThis log is now clean.




    To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.



    ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step (after serious infection), it may be advisable to Reset and Re-enable your System Restore to remove any bad files that MAY have been backed up by Windows . The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

    PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. Accordingly and of further note; it can be very unsafe to run with admin rights on any PC that you browse the Internet with.


    (Windows XP)
    FOLDER LOCATION: c:\System Volume Information\_restore….
    To Turn OFF System Restore.
    1. Click the Start button.
    2. Right-click My Computer, and then click Properties.
    3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
    4. Click Apply.

    REBOOT.

    To Turn ON System Restore.
    1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
    2. Create new System Restore points.


    (Windows ME)
    FOLDER LOCATION: c:\_RESTORE\TEMP\….
    See the following link for instructions:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam




    To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft . This will patch many of the security holes through which attackers can gain access to your computer . You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
      http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
      http://www.microsoft.com/windows/ie/default.asp
      • http://www.securityfocus.com/news/11273
        If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.

    2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
      AVG: http://free.grisoft.com/doc/1
      Avast: http://www.avast.com/eng/avast_4_home.html

    3. In addition to using Ad-aware, consider using another free malware scanning/removal program :
      Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
      Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
      Microsoft Windows Defender beta 2 : http://www.download.com/Microsoft-Wi...ml?tag=lst-0-1

    4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
      Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
      *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
      Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

      It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

    5. Consider using an alternate free browser for general web surfing but you must use IE for windows updates. The use of Firefox (or similar alternate) mitigates the many types of malware that are now possible when using IE ActiveX based components.
      Mozilla Firefox: http://www.mozilla.org/products/firefox/

    6. Consider increasing your browser security by using these programs:
      SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
      SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known- bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
    7. A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
      • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
      • Next select ‘Open host file manager’ button.
      • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
      • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

        EXCERPT:
        #start of lines added by WinHelp2002
        # [Misc A - Z]
        127.0.0.1 phpadsnew.abac.com
        127.0.0.1 a.abnad.net
        127.0.0.1 e.abnad.net
        127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
        .
        .
        .
        #end of lines added by WinHelp2002




    *Remember just like your primary anti-virus software, it is important to:
    • Keep all of these programs up-to-date (using auto-updates where possible), and
    • Use them on a regular (minimum weekly) basis.




    REALITY CHECK:
    • Who else uses your PC? What are the potential risks created by multiple (potentially loose cannon) users and why?
    • What about bad luck, simple mistakes, and bad browsing choices (SEE: www.siteadvisor.com and their BLOG)?
    • SEE: The Dangers of Popularity (for Popular SEARCH TERMS):
      http://blog.siteadvisor.com/2006/08/...pularity.shtml
      The correlation of search term popularity and search term riskiness illustrates how malicious activity tends to follow and exploit consumer behavior. Users demand "free," and bad actors flock to fill corresponding search results with their deceptive offerings. All too often, users don't realize the detrimental consequences of these sites until their systems crash from spyware or their inboxes become choked with spam.


    ABOVE ALL, it is most imperative that users exercise "safe surfing" habits such as banning or at least verifying email attachments (with scanning tools) before opening, and by not executing programs unless obtained from a trusted (or researched) source, etc.



    In general, always research any unfamiliar links or products that you might want to access or download. In particular, the SiteAdvisor site and other links listed in my signature have continued to make a significant difference to my clients’ PC health due to better-informed browsing habits and choices. Peer-to-Peer and FREE download sites add a level of risk that many should seriously take into account and adjust their behavior accordingly.

    Additionally, TEMPORARY files are both a significant source of clutter and potential hiding places for MALWARE content. Clean out those areas periodically - at least weekly.



    If you continue to want to use 'Bearshare' expect to see the possibility of more malware issues:

    http://www.siteadvisor.com/sites/bearshare.com


    You would be well-advised to at least strengthen your real-time prevention tools and use either SpySweeper or Spyware Doctor, and possibly also run Ewido in real-time, as well (paid version=realtime). No combination of tools, however, can ever be fail-safe for all possible issues.
    • + Reply to Thread
    « viruses disabling pc AND monitor (RESOLVED) | IE freezing »

    Similar Threads