Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Do I have a keylogger program installed on my computer?


(!)

Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
07-May-2012, 02:43 PM #1
Cool Do I have a keylogger program installed on my computer?
Hi forum members, I've been getting error messages like this lately: "The application or DLL [insert program path here] is not a valid Windows image. Please check this against your installation diskette." So I did an internet search and found out that some people are even calling what I have a keylogger program. I have KeyScrambler installed on my computer I thought I would be protected if this was the case. Anyway, this is basically what happens: after a few hours of using my XP (mostly surfing the internet) my browser behaves very strangely. When I for instance do an internet search query into Google some of the words in the suggestions come up completely blank. If for instance you type "Huffington Post" in Google the first suggestion you come up with looks kinda like this:
"Breaking News and Opinion on the Huffington Post
www.huffingtonpost.com/
Offers syndicated columnists, blogs and news stories with moderated comments."
I get something like this:
" News Opinion on the Post

Offers columnists news stories with comments."
Some of the words are missing in the suggestions; not all of them just some.
Also something else happens; when I try to open any program I get that error message "The application or DLL [insert program path here] is not a valid Windows image. Please check this against your installation diskette." So I can't search because I can't see anything and I can't use word processing programs like OpenOffice so I'm forced to restart my computer. When I restart my computer everything works fine until a few hours when the whole process starts again. So what is happening to my computer?

Your help is greatly appreciated,
a newbie
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
09-May-2012, 01:59 AM #2
Here are the missing logs...
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:57 PM, on 5/8/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\David\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SpyShelter] C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
O4 - Startup: OpenOffice.org 3.3.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 10406 bytes



Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by David at 22:31:18 on 2012-05-08
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.241 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\David\My Documents\Downloads\HijackThis.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SpyShelter] c:\program files\spyshelter personal free\SpyShelter.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
StartupFolder: c:\docume~1\david\startm~1\programs\startup\OPENOF~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{81D2E6CA-715E-403A-973C-27454FA0FDE0} : DhcpNameServer = 192.168.0.1 216.165.129.158
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\fld2ez9s.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-1-17 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-1-17 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-17 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-17 337880]
R1 Spyshelter;Spyshelter;c:\program files\spyshelter personal free\SpyShelter.sys [2012-3-1 167224]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-18 525840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-17 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-17 44768]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-1-17 173880]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-1-17 33552]
S0 lmbgir;lmbgir;c:\windows\system32\drivers\idsvq.sys --> c:\windows\system32\drivers\idsvq.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
.
=============== Created Last 30 ================
.
2012-04-25 03:31:23 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 03:31:10 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-25 03:31:10 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-03-18 22:54:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
============= FINISH: 22:39:33.12 ===============



I tried to post the GMER log but it was too long nor could I attach it. I feel I'm doing something wrong, but what?

Thank you so much for your time
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
09-May-2012, 02:48 PM #3
GMER log
I think I now have the GMER log (I didn't realize it was automatically scanning in the beginning):

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-09 14:45:21
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 ST3320620AS rev.3.AAE
Running: po0r88xs.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\awtyrkob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA612028E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA61200F9]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Thank you so much
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
12-May-2012, 10:50 PM #4
Bump Can anybody please help me out?
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
16-May-2012, 04:47 PM #5
Help! Avast just detected 141 infected files. The same thing happened again: missing words in search suggestions, and then the error message "The application or DLL [insert program path here] is not a valid Windows image. Please check this against your installation diskette." After a while of using the internet, when I click on any program on the desktop I of course get that error message. This time I still tried anyway to click on Avast on the desktop to run a scan and for some reason, I didn't get that error message and the Avast window popped up but there was no scan icon that I could click onto, so I was again out of luck. So I can open up Avast by clicking on the Avast desktop icon but I can't run a scan because the icon isn't there, just like the missing words in the search suggestions. So I decided to do something different, I assumed I was infected with a virus that somehow depends on the internet itself so I disconnected my modem and then right-clicked on Avast in the quick launch toolbar to run a scan and it worked, well at least up to a certain point. It was working in the beginning but then Avast paused in the middle of the scan for a very long time, basically it wasn't scanning anything anymore, and so I had to stop it. So I restarted my computer and checked in the semi-finished scan log in Avast. I clicked "apply" so that my antivirus would take care of the infected files but it says "the system cannot find the file specified" and therefore cannot delete them but it did indeed say that a "virus was found". And ever since my antivirus detected a virus, my browser has been behaving normally, no missing words in Google search suggestions, no error messages, it's been only 2 days so maybe that's premature of me to say that, it's like these hackers know that I know what they've been doing and aren't taking any actions *for now*, but that doesn't mean I'm still not infected with a virus. Could anybody please help me in solving this issue?
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
24-May-2012, 10:45 PM #6
Have I provided enough information to qualify for help?
Mark1956's Avatar
Malware Removal Specialist with 13,919 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
01-Jun-2012, 10:47 AM #7
Hi Grey_Fox, sorry you have had to wait soooo long for a reply.

My name is Mark and I will help you if you still have some issues. One very prominent thing in your logs is that you are still using XP with Service Pack 2. This service pack is no longer supported by Microsoft so you will not be receiving any security updates, this can leave holes in your systems security leaving you wide open to attack.

Please post back if you require any further assistance.
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
07-Jun-2012, 03:52 PM #8
Thanks for your response Mark, I was beginning to lose hope that anyone would answer. I think I have tried to install SP3 in the past but to no avail. I also of course have Windows Automatic Updates enabled but the only update that it's offering to install is SP1 which doesn't make sense because I already have SP2; I don't want to go back in time. I'm going to try again to install SP3 but this time manually without Automatic Updates. I'll post again whether I'm successful or not.
It is with the tireless and free of charge work like yours that make things like Tor, Firefox, and its associated addons possible in the first place and for that I am deeply grateful. ;-)
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
07-Jun-2012, 05:36 PM #9
Installing SP3
I just tried to install SP3 and it didn't work. I went directly to Microsoft's website at www.update.microsoft.com where I was required to use IE8. About 2/3 in I get an error message that says: "An error in updating your system has occurred. Select 'OK' to undo the changes that have been made." And after a while I get another error message that says: "Service Pack 3 did not complete. Windows XP has been partially updated and may not work properly." Then I'm required to restart my computer. What should I do next?
Mark1956's Avatar
Malware Removal Specialist with 13,919 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
07-Jun-2012, 07:07 PM #10
Ok, there is nothing of any significance in your logs so I think we shall start with a few scans with some other tools and see what they find.

STEP 1
Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
When the window opens click on Start. It will close all running programs and clear the desktop icons.
When complete you will be asked to reboot, accept the request and your PC will reboot automatically.

STEP 2

Please download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
STEP 3

Please download Malwarebytes Anti-Malware and save it to your desktop.<UL>Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
<I>If you cannot update Malwarebyt

Last edited by Mark1956; 07-Jun-2012 at 07:16 PM..
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
07-Jun-2012, 08:03 PM #11
I tried again to install SP3 but this time I disabled SpyShelter because last time I tried to do it, it kept asking me if I wanted to allow each action and this time it worked. When I rebooted I went back to www.update.microsoft.com to see if there were other critical updates and I installed those too (72 of them; I hope you don't mind). This was before reading your new post. I'm going to do what you said right now. PS: I already have Malwarebytes installed I'm assuming you still want me to proceed with another download anyway.
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
07-Jun-2012, 09:42 PM #12
SuperAntiSpyware Logs?
SuperAntiSpyware just finished scanning; it found mostly cookies. Do you still want me to post the log here? I'm going to download Malwarebytes right now just the way you said I should. I'll keep you posted very soon.
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
07-Jun-2012, 11:02 PM #13
Malwarebytes just finished scanning and found nothing. So what next?

Last edited by Grey_Fox; 08-Jun-2012 at 02:06 AM..
Mark1956's Avatar
Malware Removal Specialist with 13,919 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
08-Jun-2012, 04:28 AM #14
Please post the logs from Malwarebytes and SuperAntiSpyware.

For some strange reason a section of my last post has dissapeared, half of the Malwarebytes instructions and another Step which was intended to help with the updating issue. Anyway, sounds like the updates are running ok now.

How is the PC running now, are there any other issues?

Irrespective of any remaining issues please run the following and post the logs.

Please read the Eset instructions carefully.


Eset online scan instructions.
IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
  • Disable your existing Anti Virus following these instructions.
  • Please go here to use the Eset Online Scanner.
  • When the web page opens click on this button
  • If you are not using Internet Explorer you will see a message box open asking you to to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
  • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
  • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
  • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
  • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
  • Back on the Eset window, click the Back button and then click on Finish.
________________________________


Download Security Check by screen317 from Here or Here. Save it to your Desktop.Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Last edited by Mark1956; 08-Jun-2012 at 04:30 AM.. Reason: Lost formatting
Grey_Fox's Avatar
Grey_Fox Grey_Fox is offline
Member with 37 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
08-Jun-2012, 04:34 PM #15
Here is the ESET log:

C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\Launcher.exe Win32/RegistryBooster application
C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\rbmonitor.exe Win32/RegistryBooster application
C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\rbnotifier.exe Win32/RegistryBooster application
C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\rb_move_serial.exe Win32/RegistryBooster application
C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\rb_ubm.exe Win32/RegistryBooster application
C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\registrybooster.exe Win32/RegistryBooster application

Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.07.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
David :: FAMILYCOMPUTER [administrator]

6/7/2012 10:01:07 PM
mbam-log-2012-06-07 (22-01-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 308548
Time elapsed: 57 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2012 at 09:24 PM

Application Version : 5.0.1150

Core Rules Database Version : 8703
Trace Rules Database Version: 6515

Scan type : Complete Scan
Total Scan Time : 00:53:19

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 593
Memory threats detected : 0
Registry items scanned : 35510
Registry threats detected : 0
File items scanned : 117929
File threats detected : 67

Adware.Tracking Cookie
C:\Documents and Settings\David\Cookies\david@2o7[1].txt [ /2o7 ]
C:\Documents and Settings\David\Cookies\david@a1.interclick[1].txt [ /a1.interclick ]
C:\Documents and Settings\David\Cookies\david@accounts.google[2].txt [ /accounts.google ]
C:\Documents and Settings\David\Cookies\david@ad.piximedia[1].txt [ /ad.piximedia ]
C:\Documents and Settings\David\Cookies\david@ad.wsod[1].txt [ /ad.wsod ]
C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
C:\Documents and Settings\David\Cookies\david@ad.zanox[1].txt [ /ad.zanox ]
C:\Documents and Settings\David\Cookies\david@adbrite[1].txt [ /adbrite ]
C:\Documents and Settings\David\Cookies\david@ads.pointroll[1].txt [ /ads.pointroll ]
C:\Documents and Settings\David\Cookies\david@ads.pubmatic[2].txt [ /ads.pubmatic ]
C:\Documents and Settings\David\Cookies\david@adserver.adtechus[1].txt [ /adserver.adtechus ]
C:\Documents and Settings\David\Cookies\david@adtech[1].txt [ /adtech ]
C:\Documents and Settings\David\Cookies\david@advertising[1].txt [ /advertising ]
C:\Documents and Settings\David\Cookies\david@advertising[2].txt [ /advertising ]
C:\Documents and Settings\David\Cookies\david@adviva[1].txt [ /adviva ]
C:\Documents and Settings\David\Cookies\david@adxpose[1].txt [ /adxpose ]
C:\Documents and Settings\David\Cookies\david@aimfar.solution.weborama[1].txt [ /aimfar.solution.weborama ]
C:\Documents and Settings\David\Cookies\david@apmebf[2].txt [ /apmebf ]
C:\Documents and Settings\David\Cookies\david@ar.atwola[2].txt [ /ar.atwola ]
C:\Documents and Settings\David\Cookies\david@astrothemegroupe.solution.weborama[2].txt [ /astrothemegroupe.solution.weborama ]
C:\Documents and Settings\David\Cookies\david@at.atwola[1].txt [ /at.atwola ]
C:\Documents and Settings\David\Cookies\david@atdmt[2].txt [ /atdmt ]
C:\Documents and Settings\David\Cookies\david@atwola[2].txt [ /atwola ]
C:\Documents and Settings\David\Cookies\david@c.atdmt[2].txt [ /c.atdmt ]
C:\Documents and Settings\David\Cookies\david@c1.atdmt[1].txt [ /c1.atdmt ]
C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt [ /casalemedia ]
C:\Documents and Settings\David\Cookies\david@collective-media[1].txt [ /collective-media ]
C:\Documents and Settings\David\Cookies\david@doubleclick[1].txt [ /doubleclick ]
C:\Documents and Settings\David\Cookies\david@fastclick[1].txt [ /fastclick ]
C:\Documents and Settings\David\Cookies\david@garnier2011.solution.weborama[2].txt [ /garnier2011.solution.weborama ]
C:\Documents and Settings\David\Cookies\david@guerlain.solution.weborama[2].txt [ /guerlain.solution.weborama ]
C:\Documents and Settings\David\Cookies\david@highbeam.122.2o7[1].txt [ /highbeam.122.2o7 ]
C:\Documents and Settings\David\Cookies\david@imrworldwide[2].txt [ /imrworldwide ]
C:\Documents and Settings\David\Cookies\david@interclick[2].txt [ /interclick ]
C:\Documents and Settings\David\Cookies\david@invitemedia[1].txt [ /invitemedia ]
C:\Documents and Settings\David\Cookies\david@invitemedia[2].txt [ /invitemedia ]
C:\Documents and Settings\David\Cookies\david@legolas-media[1].txt [ /legolas-media ]
C:\Documents and Settings\David\Cookies\david@lucidmedia[2].txt [ /lucidmedia ]
C:\Documents and Settings\David\Cookies\david@media6degrees[1].txt [ /media6degrees ]
C:\Documents and Settings\David\Cookies\david@mediaplex[2].txt [ /mediaplex ]
C:\Documents and Settings\David\Cookies\david@pointroll[2].txt [ /pointroll ]
C:\Documents and Settings\David\Cookies\david@questionmarket[1].txt [ /questionmarket ]
C:\Documents and Settings\David\Cookies\david@revsci[2].txt [ /revsci ]
C:\Documents and Settings\David\Cookies\david@ru4[1].txt [ /ru4 ]
C:\Documents and Settings\David\Cookies\david@serving-sys[1].txt [ /serving-sys ]
C:\Documents and Settings\David\Cookies\david@sonyelectronicssupportus.112.2o7[1].txt [ /sonyelectronicssupportus.112.2o7 ]
C:\Documents and Settings\David\Cookies\david@statsadv.dadapro[1].txt [ /statsadv.dadapro ]
C:\Documents and Settings\David\Cookies\david@tacoda.at.atwola[1].txt [ /tacoda.at.atwola ]
C:\Documents and Settings\David\Cookies\david@tribalfusion[2].txt [ /tribalfusion ]
C:\Documents and Settings\David\Cookies\david@uclick[2].txt [ /uclick ]
C:\Documents and Settings\David\Cookies\david@weborama[1].txt [ /weborama ]
C:\Documents and Settings\David\Cookies\david@www.burstnet[1].txt [ /www.burstnet ]
C:\Documents and Settings\David\Cookies\david@www.googleadservices[1].txt [ /www.googleadservices ]
C:\Documents and Settings\David\Cookies\david@www.googleadservices[2].txt [ /www.googleadservices ]
C:\Documents and Settings\David\Cookies\david@www.googleadservices[3].txt [ /www.googleadservices ]
C:\Documents and Settings\David\Cookies\david@www.googleadservices[4].txt [ /www.googleadservices ]
C:\Documents and Settings\David\Cookies\david@www.googleadservices[5].txt [ /www.googleadservices ]
C:\Documents and Settings\David\Cookies\david@xiti[1].txt [ /xiti ]
C:\Documents and Settings\David\Cookies\david@yvessaintlaurentysl.solution.weborama[2].txt [ /yvessaintlaurentysl.solution.weborama ]
C:\Documents and Settings\David\Cookies\david@zedo[2].txt [ /zedo ]
C:\Documents and Settings\David\Cookies\david@bubblestat[1].txt [ /bubblestat.com ]
C:\Documents and Settings\David\Cookies\david@estat[1].txt [ /estat.com ]
C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@2o7[1].txt [ Cookie:guest@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@interclick[1].txt [ Cookie:guest@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ATDMT[2].TXT [ /ATDMT ]
C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@FASTCLICK[2].TXT [ /FASTCLICK ]

I set Firefox (the only browser I really use) to delete cookies including LSO cookies on exit so I'm not sure where these cookies are coming from. Maybe I had my browser open when SuperAntiSpyware was scanning. Do you also want to see the Avast logs? In those logs Avast did actually say that a virus was found. Do you think they were just false positives? Concerning the other issue I haven't had a problem since I installed SP3 but that issue has been going on for nearly 3 months so I'm not holding my breath either. I tried to press "Print Screen" when it happens so that I would be able to show you what's going on but it says that there is insufficient memory to perform the action.

Last edited by Grey_Fox; 08-Jun-2012 at 04:48 PM..
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
browser, missing words, query, search, suggestions

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑