[ccfirmin]

I'm not sure which problems are related to each other, but this is what has been happening to me:

Norton keeps autodetecting Trojan.Desktophijack.B, and deleting it. It keeps coming back. A fake security icon pops up in my Icon Tray, which upon clicking pops up an IE window that brings me to updatescenter.com, the site for psguard and all those other fake malware programs.

I ran through the pre-posting procedure outlined above, and since restarting I haven't gotten a Trojan.Desktophijack.B, but I don't know if that means this problem is gone. When I start up IE, any URL that I type in gets redirected to updatescenter.com.... help?

I've been using Firefox this whole time. IE does not work.

Here's my Hijackthis logfile... thanks:

Logfile of HijackThis v1.99.1
Scan saved at 10:22:43 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\system32\hp3360.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:34:11 PM, 9/28/2005
+ Report-Checksum: 973566AF

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
[872] C:\WINDOWS\system32\ld5870.tmp -> TrojanDownloader.Agent.uz : Cleaned with backup
C:\WINDOWS\system32\ld3C2D.tmp -> TrojanDownloader.Agent.uz : Cleaned with backup
C:\WINDOWS\system32\ld5870.tmp -> TrojanDownloader.Agent.uz : Cleaned with backup
C:\WINDOWS\system32\ld9BCD.tmp -> TrojanDownloader.Agent.uz : Cleaned with backup
C:\WINDOWS\system32\mscornet.exe -> TrojanDownloader.Zlob.ao : Cleaned with backup
C:\WINDOWS\system32\mssearchnet.exe -> TrojanDownloader.Zlob.ap : Cleaned with backup
C:\WINDOWS\system32\nvctrl.exe -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End

[Advertisements]

Will anyone be able to help me with this? I've seen other similar posts re: updatecenter.com but there are no responses to those either...

Thanks.

[ccfirmin]

Will anyone be able to help me with this? I've seen other similar posts re: updatecenter.com but there are no responses to those either...

Thanks.

[Armodeluxe]

Hi ccfirmin,

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Open Ewido and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• NOTE: During some scans with ewido it is finding cases of false positives.
• You will need to step through the process of cleaning files one-by-one.
• If ewido detects a file you KNOW to be legitimate, select none as the action.
• DO NOT select "Perform action on all infections"
• If you are unsure of any entry found select none for now.
• When the scan is finished, click the Save report button at the bottom of the screen.
• Save the report to your desktop

Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

[ccfirmin]

Hello,

Thanks for the help. The logs are below.

(By the way, I had to use IE for the Panda Scan, and IE seemed to actually work. Hopefully this means I'm fixed.)


==================

Logfile of HijackThis v1.99.1
Scan saved at 10:39:30 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Christopher Chung\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--------------------------------------------


smitRem © log file
version 2.7

by noahdfear

The current date is: Tue 11/01/2005
The current time is: 21:05:38.84

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

ncompat.tlb
hp***.tmp


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN!


--------------------------------------------

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:41:21 PM, 11/1/2005
+ Report-Checksum: 147E3978

+ Scan result:

:mozilla.59:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.573:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.674:C:\Documents and Settings\Christopher Chung\Application Data\Mozilla\Firefox\Profiles\1w3q7na9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup


::Report End

--------------------------------------


Incident Status Location

Adware:adware/securityerror No disinfected C:\Documents and Settings\All Users\Start Menu\Online Security Center.url
Virus:W97M/ColdApe.A Disinfected C:\Documents and Settings\Christopher Chung\My Documents\My Docs\CHRIS\Academic - CMU\CMUMail\Sent[02-26-2001 Lunar Gala.doc]

[Armodeluxe]

Everything looks good

Just delete this one file:

C:\Documents and Settings\All Users\Start Menu\Online Security Center.url

You are getting too many spyware cookies. Those are mostly third party cookies that can be blocked.

In Firefox go to Tools > Options > Privacy > Cookies

Click the small triangle next to cookies to expand that tab and put a check next to "for the originating website only". This will prevent third party cookies from being installed on your computer.

In IE go to Tools > Internet Options > Privacy and click on Advanced in the Privacy tab

Now put a check next to "Override automatic cookie handling"

Set first party cookies to Accept and third party cookies to Block

Also put a check to "Always allow session cookies" OK your way out.

Now let's reset your restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please take the following into consideration to maintain a clean computer.

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Sygate

I'll also recommend you to install a monitoring software which will monitor certain areas on your computer and will place alerts when those are being modified. One such software I'll recommend is Prevx, but it's for advanced users as the messages it displays can be hard to decipher. One other similar but more user friendly software is Winpatrol. Both are free programs.

Winpatrol
Prevx

Visit Windows Update regularly to get the latest security updates.You can also enable automatic updates.Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad
Adds a list of malicious sites to your Restricted Sites Zone.


A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe

[ccfirmin]

Hello,

Thanks - I deleted this file

C:\Documents and Settings\All Users\Start Menu\Online Security Center.url

but noticed two additional files, "Security Troubleshooting.url" and "Security Troubleshoting.url," both of which link to securityindex.net, which the "Online Security Center.url" file linked to. Should I delete those as well?

I think that's about it. I'll make those additions to my machine and hopefully it'll keep it all safer.

Thanks!

[Armodeluxe]

I'm surprised how Panda didn't flag them, yes please delete them also.

May you have some safe surfing from now on!!

[Armodeluxe]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.