Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page svchost using memory, low virtual memory warning
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 07-30-2006, 02:25 PM   #1 (permalink)
Registered User
 
DJslim09's Avatar
 
Join Date: Jul 2006
Location: Cleveland, OH
Posts: 35
OS: Vista 64-bit SP1


EEK! svchost using memory, low virtual memory warning
Hello,
A while back I had posted my log and my problem was resolved but I have recently come across another problem. My computer's performance has slowly been slowing and now I have had enough. I can see the problems when I open task manager and look at the applications. Other than the main programs I may be running that I know use a good amount of memory there will be a couple names I am not familiar with like svchost.exe and msmgs.exe that will be up there in the 10,000 k region. Here's my htj log, thanks for all help!

Logfile of HijackThis v1.99.1
Scan saved at 5:14:07 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\htj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alltel.net/newuser/benefits/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/117p/html/gtdownlr.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123033659984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133667456218
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{179967DC-9AF3-4ECC-AE23-D7D1F840B62F}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{179967DC-9AF3-4ECC-AE23-D7D1F840B62F}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
DJslim09 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Sponsored Links
Old 08-01-2006, 12:38 PM   #2 (permalink)
Registered User
 
DJslim09's Avatar
 
Join Date: Jul 2006
Location: Cleveland, OH
Posts: 35
OS: Vista 64-bit SP1


Bump
BUMP
DJslim09 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-03-2006, 07:46 AM   #3 (permalink)
Registered User
 
DJslim09's Avatar
 
Join Date: Jul 2006
Location: Cleveland, OH
Posts: 35
OS: Vista 64-bit SP1


Still no help for HTJ LOG!!
Below is a screenshot I took of my taskmanager when the problem was bad. It has been much much worse than this, I have had about 5 applications at 75,000k and the computer pretty much freezes after that. It mostly happens when I try to run firefox along with instant messenger and iTunes.
DJslim09 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-05-2006, 11:05 PM   #4 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Download AIMfix. Double click on AIMfix.exe to run it. It will create a log called AIMfix.log when it is finished, please post the contents of that log here along with a new hijackthis log.
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-07-2006, 07:39 AM   #5 (permalink)
Registered User
 
DJslim09's Avatar
 
Join Date: Jul 2006
Location: Cleveland, OH
Posts: 35
OS: Vista 64-bit SP1


AIMFix version: 1.6.85.024 (Aug 5 2006 00:24:30)
SeDebug Privilege set successfully
First, closing any running copies of AOL Instant Messenger (aim.exe):
KillProcByName(): aim.exe successfully terminated.

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***

RegRunKeyExist(): Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegRunKeyExist(): Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\stratas
FU rootkit detected!
AIMFix set to run at startup in RunOnce
RegRunKeyExist(): Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegRunKeyExist(): Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\stratas
RegKill(): Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegKill(): Removed HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\stratas
RegKill(): Removed HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\stratas
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Michael\lockts.xexe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockts.xexe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockts.xexe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockts.xexe
Reboot cancelled by user
BlockRemove(): Now checking for Block-Checker: .5
BlockRemove(): Block-Checker not found
IMNamesRemove(): Now checking for IMNames: .2
IMNamesRemove(): IM Names not found
CleanMstc(): mstc not found


Hijack this Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:39:17 AM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LMPDPUI.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\htj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alltel.net/newuser/benefits/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\RunOnce: [*AIMFix] C:\D
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/117p/html/gtdownlr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123033659984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133667456218
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{179967DC-9AF3-4ECC-AE23-D7D1F840B62F}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{179967DC-9AF3-4ECC-AE23-D7D1F840B62F}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
DJslim09 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-07-2006, 08:36 PM   #6 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Alright that took out the only malware present in the Hijackthis log, how is your PC running now?
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-08-2006, 07:41 PM   #7 (permalink)
Registered User
 
DJslim09's Avatar
 
Join Date: Jul 2006
Location: Cleveland, OH
Posts: 35
OS: Vista 64-bit SP1


after aimfix
I did not notice any improvement on my computer after running aimfix. My internet use has been nearly inexistent. I have dsl and the speed which I am going is slower than dial up.

Thanks for keeping at it!!!

Mike
DJslim09 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-09-2006, 11:52 AM   #8 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


There isn't much showing in your log, so we'll try a general cleaning and see what turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads(make sure to save these in a permanent location)
Cleanup!- Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Anti-Spyware
  • Install Ewido Anti-Spyware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Tools
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it’s checked.
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted. If prompted to reboot, click No.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

In your next post please include:
  • Panda Activescan Log
  • Ewido Log
  • A new Hijackthis! Log
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-21-2006, 10:10 PM   #9 (permalink)
Registered User
 
DJslim09's Avatar
 
Join Date: Jul 2006
Location: Cleveland, OH
Posts: 35
OS: Vista 64-bit SP1


**Here are my Ewido log and hijackthis log. Every time I finished the online scan (I did it twice) my browser automatically closed. I didn't have the time to try again and find the same result.**


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:05:41 AM 8/10/2006

+ Scan result:



C:\WINDOWS\system32\gtdownlr_118.ocx -> Adware.Gdown : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.295:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.423:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.593:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.746:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.406:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.407:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.408:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.409:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.410:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.411:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.683:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.702:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.289:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.292:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.337:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.338:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.339:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.340:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.341:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.604:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.661:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Bluemountain : Cleaned with backup (quarantined).
:mozilla.676:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.602:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.603:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.639:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.526:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.527:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.758:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.759:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.707:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.502:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.521:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.450:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.451:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.454:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.493:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.541:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.542:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.646:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.692:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.693:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.696:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.585:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.586:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.587:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.588:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pc6x05q9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.393:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.394:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.395:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.396:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.397:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.297:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.583:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.504:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.505:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.354:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.415:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.416:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.417:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.418:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.761:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.368:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.369:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.457:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.458:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.459:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.317:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.498:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.499:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.500:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.697:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.215:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.352:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.353:C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\4chx4j53.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 1:08:46 AM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Application Data\Opera\Opera\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alltel.net/newuser/benefits/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/117p/html/gtdownlr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123033659984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133667456218
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{179967DC-9AF3-4ECC-AE23-D7D1F840B62F}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{179967DC-9AF3-4ECC-AE23-D7D1F840B62F}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
DJslim09 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-22-2006, 01:21 PM   #10 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Download combofix.exe-Save it to your Desktop.

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-30-2006, 06:12 PM   #11 (permalink)
Registered User
 
DJslim09's Avatar
 
Join Date: Jul 2006
Location: Cleveland, OH
Posts: 35
OS: Vista 64-bit SP1


Hi again,
I just deleted all of my downloaded music files that i suspected could be a problem and my performance increased, but not completely. I have a question; if I have all that music that is potentially infected on my iPod and I load it onto another computer will it infect that computer? I am noticing a long long wait time when trying to receive e-mails in mozilla thunderberd (mozilla's version of outlook express). Thanks.

Mike
DJslim09 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-30-2006, 08:49 PM   #12 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


One potential cause of a slowdown in mail clients is a spambot on your machine. Please run Combofix as instructed in my previous post.
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-31-2006, 06:19 PM   #13 (permalink)
Registered User
 
DJslim09's Avatar
 
Join Date: Jul 2006
Location: Cleveland, OH
Posts: 35
OS: Vista 64-bit SP1


combofix log
Michael - 06-08-31 20:48:15.53
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Michael\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-31 to 2006-08-31 ))))))))))))))))))))))))))))))))))


2006-08-03 10:52 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-07-31 19:30 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-07-31 19:30 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-07-31 19:30 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-07-31 19:30 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-07-31 19:30 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-07-31 19:30 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-07-31 19:30 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-07-31 19:30 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-07-31 19:30 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-31 20:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-31 20:02 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-08-31 19:58 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-28 21:44 -------- d-------- C:\Program Files\DivX
2006-08-28 21:36 -------- d-------- C:\Program Files\Microsoft Games
2006-08-27 10:24 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-23 23:11 3932 --a------ C:\Documents and Settings\Michael\Application Data\LMLayout.dat
2006-08-23 23:11 268 --a------ C:\Documents and Settings\Michael\Application Data\LMCPaper.dat
2006-08-19 08:50 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-15 21:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-15 21:11 -------- d-------- C:\Program Files\iPod
2006-08-15 21:02 -------- d-------- C:\Program Files\Google
2006-08-12 15:34 -------- d-------- C:\Program Files\Internet Explorer
2006-08-10 12:43 -------- d-------- C:\Program Files\Winamp
2006-08-10 12:42 -------- d-------- C:\Program Files\Symantec
2006-08-10 12:41 -------- d-------- C:\Program Files\QuickTime
2006-08-10 12:22 -------- d-------- C:\Program Files\Messenger
2006-08-10 12:21 -------- d-------- C:\Program Files\iTunes
2006-08-10 12:06 -------- d-------- C:\Documents and Settings\Michael\Application Data\Symantec
2006-08-09 22:37 -------- d-------- C:\Program Files\CleanUp!
2006-08-09 22:32 -------- d-------- C:\Documents and Settings\Michael\Application Data\Talkback
2006-08-09 22:28 -------- d-------- C:\Documents and Settings\Michael\Application Data\Thunderbird
2006-08-09 22:28 -------- d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2006-08-03 10:52 -------- d-------- C:\Program Files\Registry Mechanic
2006-07-27 16:46 -------- d-------- C:\Documents and Settings\Michael\Application Data\Lavasoft
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-24 21:34 -------- d-------- C:\Program Files\Common Files
2006-07-24 13:49 -------- d-------- C:\Program Files\New Folder
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-07 16:41 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-07-07 16:41 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-07-07 16:41 13824 --a------ C:\WINDOWS\system32\drivers\SSFS041A.sys
2006-07-07 16:41 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-06-14 13:49 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-08 12:08 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-06-08 12:08 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-06-02 21:29 6 --a------ C:\WINDOWS\glhvt.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"BCMSMMSG"="BCMSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"LMPDPSRV"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LMPDPSRV.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"RegistryMechanic"=""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"tunebite.exe"="C:\\Program Files\\tunebite\\tunebite.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,c4,02,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,c4,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Startup"="voltio.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Startup"="voltio.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Karen.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Thu 08/31/2006 20:58:56.43
ComboFix.txt
DJslim09 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 09-02-2006, 12:35 PM   #14 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Go to Start > Run
Type:
  • regedit
Click OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Open Notepad and copy and paste everything from the box below.
Code:
REGEDIT4

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run]
"System Startup"=-

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Startup"=-
Click on File, Save it to your desktop, in file name save as
voltio.reg
click OK.

Next go to your desktop and double click on voltio.reg, allow it to merge to the registry. It should give you a prompt "sucessfully merged".

Click on Start>Search and search for voltio.exe and delete if found.

Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap there are many pieces of malware that is caught by one of these and not the other, therefore it is recommended you use both to compliment each other. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and you default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources, run it once and you're all set. Spyware Guard Is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less suceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 09-04-2006, 07:17 PM   #15 (permalink)
Registered User
 
DJslim09's Avatar
 
Join Date: Jul 2006
Location: Cleveland, OH
Posts: 35
OS: Vista 64-bit SP1


Laugh Resolved
Thanks so much! Everything seems back to normal . You have saved me so much time and money! Good luck with everything!
DJslim09 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 06:57 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84