Can't get rid of "SpyLocked" (RESOLVED)

  1. 31-03-2007  #1
    bigbeebz
    bigbeebz is offline Newbie

    Can't get rid of "SpyLocked" (RESOLVED)

    System Tray icon keeps flashing and popping up messages that I have to download an "up-to-date spyware solution" which is the SpyLocked program. I feel like I've tried everything! I ran SpyBot S&D, AdAware and Fixwareout (somebody else suggested it might work). All to no avail... it's still there. My HJT log is below; below that is the fixwareout report (not sure if that's necessary). I'm not a big computer guy but I can follow instructions, so any help you can offer would be appreciated.

    Many thanks in advance!

    Beebz

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:38:10 AM, on 31/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    D:\Clayton's\spyware\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...row&channel=ca
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...row&channel=ca
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [tcrinit] C:\WINDOWS\svcwinra.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - C:\WINDOWS\system32\oyopu.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 3935 bytes

    Fixwareout Log follows:

    Fixwareout Last edited 2/11/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other



    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.ex e"
    "DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
    "tcrinit"="C:\\WINDOWS\\svcwinra.exe"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.ex e"
    "updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»

  3. 31-03-2007  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    DO NOT RUN ANY OTHER OPTIONS UNTIL REQUESTED TO. This is very important to get an optimal and comprehensive fix.



    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
  4. 31-03-2007  #3
    bigbeebz
    bigbeebz is offline Newbie
    SmitFraudFix v2.162

    Scan done at 15:31:26.90, 31/03/2007
    Run from C:\Documents and Settings\Clayton\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\oyopu.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Clayton


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Clayton\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Clayton\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
    "{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}"="homina"

    [HKEY_CLASSES_ROOT\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
    @="C:\WINDOWS\system32\oyopu.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{df8c3ae d-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
    @="C:\WINDOWS\system32\oyopu.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.1.254

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CEB2DA1D-399D-4EC2-A1F1-6B6D6E573C7F}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CEB2DA1D-399D-4EC2-A1F1-6B6D6E573C7F}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{CEB2DA1D-399D-4EC2-A1F1-6B6D6E573C7F}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
  5. 01-04-2007  #4
    VopThis
    VopThis is offline Senior Member (Canada)
    STEP # 2 - Cleaning

    Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.



    Download and install AVG Anti-Spyware 7.5 (AVG AS - previously known as Ewido anti-spyware 4.0) (uninstall any previous version first).
    • Click the Download BUTTON. On the next page click the Download now BUTTON.
    • Save and then install (Run) from the save location.
    • Open/Run AVG Anti-Spyware
    • Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:

    • Click on the Update now LINK at the top of the window
      • Click on the Start update button
      • Wait for the update to download and install
  6. This is very important to get the LATEST updates
  7. Click on the Status ICON
    • Under "Your computers Security"
      Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
  8. Click on the Scanner ICON at the top of the window
  9. Click on the Settings tab then select Recommended Actions and choose Quarantine
  10. When updating has finished. Close AVG Anti-Spyware.



    11. We will be using this tool in a later step.




    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________


    Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
    ______________________________

    Clean out your Temporary Internet files. Proceed like this:
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


    ______________________________

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware , and run a full scan:
    • Click on the default Status ICON and select the Scan now LINK.

      OR

    • Click on the Scanner ICON . Select the Scan TAB.

      • Select Complete System Scan. AVG Anti-Spyware will now begin to scan your system.

    • If AVG Anti-Spyware finds anything it will list them in the Preview WINDOW:
      • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
      • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).

    • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
    • Copy and paste the AVG Anti-Spyware scan results into your next post.
    • Close AVG Anti-Spyware.


    ______________________________
    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    ----------No items specified

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.
    ______________________________

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #3 - Delete Trusted zone by typing 3 and press Enter
    Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.


    ______________________________
    Reboot in Normal Mode.

    Please post (preferably not file attachments, please):
    1. c:\rapport.txt
    2. AVG Anti-Spyware log
    3. A new HijackThis log
  • 01-04-2007  #5
    bigbeebz
    bigbeebz is offline Newbie
    You said:
    "This is very important to get the LATEST updates

    Click on the Status ICON
    Under "Your computers Security"
    Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
    Click on the Scanner ICON at the top of the window

    Click on the Settings tab then select Recommended Actions and choose Quarantine
    When updating has finished. Close AVG Anti-Spyware."

    This does not describe the version of AVG Anti-Spyware I downloaded (7.5.446). I was able to disable Resident Shield, but there is no Scanner Icon or Settings tab where I can select as you described. Do you have a screenshot i could look at? I've included a screenshot so you see what I have to work with.

    Thanks... and sorry to be a pain.
    Attached Images
  • 02-04-2007  #6
    bigbeebz
    bigbeebz is offline Newbie
    Never mind... I just realized I downloaded AVG Anti-Virus... not Anti-Spyware.

    I'm an idiot... I'll let you know when i sort this out.

    Beebz
  • 02-04-2007  #7
    bigbeebz
    bigbeebz is offline Newbie
    DONE! And I think it did the trick. The only part of your reply I didn't get was:

    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    ----------No items specified

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.

    Was I supposed to do something there? Anyway, I did everything else and that "thing" seems to be gone now. So here are the logs you wanted... and many thanks for all your help!

    Best regards,

    Beebz

    HJT Log:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:12:18 PM, on 01/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Clayton's\spyware\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...row&channel=ca
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [tcrinit] C:\WINDOWS\svcwinra.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 3406 bytes

    Rapport.txt:
    SmitFraudFix v2.162

    Scan done at 17:42:38.87, 01/04/2007
    Run from C:\Documents and Settings\Clayton\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CEB2DA1D-399D-4EC2-A1F1-6B6D6E573C7F}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CEB2DA1D-399D-4EC2-A1F1-6B6D6E573C7F}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{CEB2DA1D-399D-4EC2-A1F1-6B6D6E573C7F}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    AVG Report

    NOTE: I saved the wrong report... I saved it before I clicked the "Apply all Actions" button, then everything read "cleaned" instead of "no action taken." Just so you know.
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:03:11 PM 01/04/2007

    + Scan result:



    C:\Program Files\iWin Games\iWinGamesHookIE.dll -> Adware.BHO : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP244\A0021245.DLL -> Adware.FunWeb : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0021410.ini -> Adware.Qworke : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0019518.exe -> Adware.Relevant : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0021363.exe -> Adware.RK : No action taken.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU -> Adware.SaveNow : No action taken.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\Customer Support.lnk -> Adware.SaveNow : No action taken.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : No action taken.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : No action taken.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : No action taken.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0019576.exe -> Adware.SaveNow : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0019577.dll -> Adware.SaveNow : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0019579.exe -> Adware.SaveNow : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0019585.exe -> Adware.SaveNow : No action taken.
    C:\Downloads\JQSolitaireSetup-dm[1].exe -> Adware.Trymedia : No action taken.
    C:\Downloads\JewelQuestSetup-dm[1].exe -> Adware.Trymedia : No action taken.
    C:\Downloads\MysteryCaseFilesSetup-dm[1].exe -> Adware.Trymedia : No action taken.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenUSearch -> Adware.WhenU : No action taken.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenUSearch\WhenUSearch Desktop Toolbar.lnk -> Adware.WhenU : No action taken.
    C:\Documents and Settings\Lori\Local Settings\Temp\temp.fr0E25\pmsnrr.exe -> Downloader.Zlob.atw : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0021419.exe -> Downloader.Zlob.atw : No action taken.
    C:\Documents and Settings\Lori\Local Settings\Temp\temp.fr0E25\pmmnt.exe -> Downloader.Zlob.bpn : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP246\A0021297.exe -> Downloader.Zlob.bpn : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP246\A0021322.exe -> Downloader.Zlob.bpn : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0021418.exe -> Downloader.Zlob.bpn : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@www.adobe[1].txt -> TrackingCookie.Adobe : No action taken.
    C:\Documents and Settings\Isaac\Cookies\isaac@www.adobe[1].txt -> TrackingCookie.Adobe : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@text.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Lori\Cookies\lori@com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@search.live[1].txt -> TrackingCookie.Live : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@sales.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@www.myaffiliatepr ogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@navrcholu[2].txt -> TrackingCookie.Navrcholu : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
    C:\Documents and Settings\Isaac\Cookies\isaac@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\Isaac\Cookies\isaac@ads.planetactive[1].txt -> TrackingCookie.Planetactive : No action taken.
    C:\Documents and Settings\Isaac\Cookies\isaac@www.real[1].txt -> TrackingCookie.Real : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@realguide.real[1].txt -> TrackingCookie.Real : No action taken.
    C:\Documents and Settings\Isaac\Cookies\isaac@h.starware[1].txt -> TrackingCookie.Starware : No action taken.
    C:\Documents and Settings\Isaac\Cookies\isaac@try.starware[1].txt -> TrackingCookie.Starware : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@try.starware[3].txt -> TrackingCookie.Starware : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@toplist[1].txt -> TrackingCookie.Toplist : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@toplist[1].txt -> TrackingCookie.Toplist : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.
    C:\Documents and Settings\Isaac\Cookies\isaac@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Isaac\Cookies\isaac@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Jonah\Cookies\jonah@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Jonah\Local Settings\Temp\laf11.tmp -> Trojan.Zlob : No action taken.


    ::Report end
  • 02-04-2007  #8
    VopThis
    VopThis is offline Senior Member (Canada)
    I guess my instruction text is in need of revision. It has generally been sufficient to convey the general intent and functionality of the fix to get the job done. Try the following revised instructions:
    Please download, install, update and scan your system with the free version of AVG Anti-Spyware Scanner: AVG Anti-Spyware 7.5
    • Download the AVG Anti-Spyware Scanner installer to your Desktop. Find the icon on your desktop and double click on it to install.
    • Let AVG Anti-Spyware Scanner open once it is installed.
    • The first thing you need to do is update the detection definition files.
    • From the main AVG Anti-Spyware screen, click on UPDATE in the top menu, then click the Start Update link.
    • After the update finishes (the status bar near the top will inform you of progress), click on the Scanner button in the top menu, then click on the Settings tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    You need to 'quarantine' all infections found by AVG Anti-Spyware - AVGAS (apply as a minimum DEFAULT) rather than the 'No action taken'. The instructions given should be enough to set such a recommended default which will then also offer to 'clean' certain type of infections (mostly Cookies). Otherwise, set the minimum desired action manually for each item.


    Accordingly, please re-run AVGAS and quarantine or clean what it finds. Post a revised AVGAS log and current HijackThis LOG.



    Also, please submit the following FILE (copy&paste into the input box) to http://www.virustotal.com/ for immediate assessment and post their findings back here:

    C:\WINDOWS\svcwinra.exe
    Last edited by VopThis; 02-04-2007 at 04:18 AM.
  • 02-04-2007  #9
    bigbeebz
    bigbeebz is offline Newbie
    I did run the AVG as you specified but I saved the report incorrectly... I'm not sure if you saw what I wrote earlier, but when everything was finished the report read "cleaned" and not "no action taken." Unfortuneately, I saved the wrong report.

    As for the other thing you wanted me to do... here it is.

    AhnLab-V3 2007.3.31.0 04.02.2007 no virus found
    AntiVir 7.3.1.47 04.01.2007 no virus found
    Authentium 4.93.8 03.31.2007 no virus found
    Avast 4.7.936.0 04.02.2007 no virus found
    AVG 7.5.0.447 04.01.2007 no virus found
    BitDefender 7.2 04.02.2007 no virus found
    CAT-QuickHeal 9.00 03.31.2007 no virus found
    ClamAV devel-20070312 04.02.2007 no virus found
    DrWeb 4.33 04.01.2007 Trojan.PWS.Sspro
    eSafe 7.0.15.0 04.01.2007 no virus found
    eTrust-Vet 30.6.3527 03.31.2007 no virus found
    Ewido 4.0 04.01.2007 no virus found
    FileAdvisor 1 04.02.2007 no virus found
    Fortinet 2.85.0.0 04.02.2007 no virus found
    F-Prot 4.3.1.45 03.30.2007 no virus found
    F-Secure 6.70.13030.0 04.02.2007 no virus found
    Ikarus T3.1.1.3 04.01.2007 no virus found
    Kaspersky 4.0.2.24 04.02.2007 no virus found
    McAfee 4997 03.31.2007 no virus found
    Microsoft 1.2306 04.02.2007 no virus found
    NOD32v2 2161 04.01.2007 no virus found
    Norman 5.80.02 03.31.2007 no virus found
    Panda 9.0.0.4 04.01.2007 Suspicious file
    Prevx1 V2 04.02.2007 no virus found
    Sophos 4.16.0 03.30.2007 no virus found
    Sunbelt 2.2.907.0 03.31.2007 System Surveillance Pro
    Symantec 10 04.02.2007 Spyware.Systemsurv
    TheHacker 6.1.6.083 03.30.2007 no virus found

    The "svcwinra" appears to belong to SSPro (System Surveillance Pro) which is a program I installed many months ago. It hasn't produced any problems on either computer that I have it on, so I'm assuming it's a safe file.

    Thanks again!

    Beebz
  • 02-04-2007  #10
    bigbeebz
    bigbeebz is offline Newbie
    Save 20% on AVG Internet Security 2012 Suite!
    I found the right AVG report... here it is.

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:03:45 PM 01/04/2007

    + Scan result:



    C:\Program Files\iWin Games\iWinGamesHookIE.dll -> Adware.BHO : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP244\A0021245.DLL -> Adware.FunWeb : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0021410.ini -> Adware.Qworke : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0019518.exe -> Adware.Relevant : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0021363.exe -> Adware.RK : Cleaned.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\Customer Support.lnk -> Adware.SaveNow : Cleaned.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Cleaned.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0019576.exe -> Adware.SaveNow : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0019577.dll -> Adware.SaveNow : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0019579.exe -> Adware.SaveNow : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0019585.exe -> Adware.SaveNow : Cleaned.
    C:\Downloads\JQSolitaireSetup-dm[1].exe -> Adware.Trymedia : Cleaned.
    C:\Downloads\JewelQuestSetup-dm[1].exe -> Adware.Trymedia : Cleaned.
    C:\Downloads\MysteryCaseFilesSetup-dm[1].exe -> Adware.Trymedia : Cleaned.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenUSearch -> Adware.WhenU : Cleaned.
    C:\Documents and Settings\Jonah\Start Menu\Programs\WhenUSearch\WhenUSearch Desktop Toolbar.lnk -> Adware.WhenU : Cleaned.
    C:\Documents and Settings\Lori\Local Settings\Temp\temp.fr0E25\pmsnrr.exe -> Downloader.Zlob.atw : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0021419.exe -> Downloader.Zlob.atw : Cleaned.
    C:\Documents and Settings\Lori\Local Settings\Temp\temp.fr0E25\pmmnt.exe -> Downloader.Zlob.bpn : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP246\A0021297.exe -> Downloader.Zlob.bpn : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP246\A0021322.exe -> Downloader.Zlob.bpn : Cleaned.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP247\A0021418.exe -> Downloader.Zlob.bpn : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
    C:\Documents and Settings\Isaac\Cookies\isaac@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@text.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Lori\Cookies\lori@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@search.live[1].txt -> TrackingCookie.Live : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@www.myaffiliatepr ogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
    C:\Documents and Settings\Isaac\Cookies\isaac@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Isaac\Cookies\isaac@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
    C:\Documents and Settings\Isaac\Cookies\isaac@www.real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Isaac\Cookies\isaac@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Isaac\Cookies\isaac@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@try.starware[3].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Isaac\Cookies\isaac@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\Caitlin\Cookies\caitlin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Isaac\Cookies\isaac@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Jonah\Cookies\jonah@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Jonah\Local Settings\Temp\laf11.tmp -> Trojan.Zlob : Cleaned.


    ::Report end
    • + Reply to Thread
    Page 1 of 2 1 2 LastLast
    « I think I have adware/spyware | CiD Problem (RESOLVED) »

    Similar Threads