1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Do I have a keylogger program installed on my computer?

Discussion in 'Virus & Other Malware Removal' started by Grey_Fox, May 7, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    Hi forum members, I've been getting error messages like this lately: "The application or DLL [insert program path here] is not a valid Windows image. Please check this against your installation diskette." So I did an internet search and found out that some people are even calling what I have a keylogger program. I have KeyScrambler installed on my computer I thought I would be protected if this was the case. Anyway, this is basically what happens: after a few hours of using my XP (mostly surfing the internet) my browser behaves very strangely. When I for instance do an internet search query into Google some of the words in the suggestions come up completely blank. If for instance you type "Huffington Post" in Google the first suggestion you come up with looks kinda like this:
    "Breaking News and Opinion on the Huffington Post
    www.huffingtonpost.com/
    Offers syndicated columnists, blogs and news stories with moderated comments."
    I get something like this:
    " News Opinion on the Post

    Offers columnists news stories with comments."
    Some of the words are missing in the suggestions; not all of them just some.
    Also something else happens; when I try to open any program I get that error message "The application or DLL [insert program path here] is not a valid Windows image. Please check this against your installation diskette." So I can't search because I can't see anything and I can't use word processing programs like OpenOffice so I'm forced to restart my computer. When I restart my computer everything works fine until a few hours when the whole process starts again. So what is happening to my computer?

    Your help is greatly appreciated,
    a newbie
     
  2. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:29:57 PM, on 5/8/2012
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\David\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
    O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [SpyShelter] C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
    O4 - Startup: OpenOffice.org 3.3.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    --
    End of file - 10406 bytes



    Here is the DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by David at 22:31:18 on 2012-05-08
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.241 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Free Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\ThreatFire\TFService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\David\My Documents\Downloads\HijackThis.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sony.com/vaiopeople
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [SpyShelter] c:\program files\spyshelter personal free\SpyShelter.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
    mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
    mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
    mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    StartupFolder: c:\docume~1\david\startm~1\programs\startup\OPENOF~1.LNK -
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
    TCP: Interfaces\{81D2E6CA-715E-403A-973C-27454FA0FDE0} : DhcpNameServer = 192.168.0.1 216.165.129.158
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxsrvc.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\david\application data\mozilla\firefox\profiles\fld2ez9s.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-1-17 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-1-17 69392]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-17 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-17 337880]
    R1 Spyshelter;Spyshelter;c:\program files\spyshelter personal free\SpyShelter.sys [2012-3-1 167224]
    R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-18 525840]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-17 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-17 44768]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
    R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
    R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-1-17 173880]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-1-17 33552]
    S0 lmbgir;lmbgir;c:\windows\system32\drivers\idsvq.sys --> c:\windows\system32\drivers\idsvq.sys [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-25 03:31:23 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-04-25 03:31:10 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-04-25 03:31:10 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    .
    ==================== Find3M ====================
    .
    2012-03-18 22:54:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    .
    ============= FINISH: 22:39:33.12 ===============



    I tried to post the GMER log but it was too long nor could I attach it. I feel I'm doing something wrong, but what?

    Thank you so much for your time
     

    Attached Files:

  3. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    I think I now have the GMER log (I didn't realize it was automatically scanning in the beginning):

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-05-09 14:45:21
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 ST3320620AS rev.3.AAE
    Running: po0r88xs.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\awtyrkob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA612028E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA61200F9]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    Thank you so much
     
  4. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    Bump Can anybody please help me out?
     
  5. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    Help! Avast just detected 141 infected files. The same thing happened again: missing words in search suggestions, and then the error message "The application or DLL [insert program path here] is not a valid Windows image. Please check this against your installation diskette." After a while of using the internet, when I click on any program on the desktop I of course get that error message. This time I still tried anyway to click on Avast on the desktop to run a scan and for some reason, I didn't get that error message and the Avast window popped up but there was no scan icon that I could click onto, so I was again out of luck. So I can open up Avast by clicking on the Avast desktop icon but I can't run a scan because the icon isn't there, just like the missing words in the search suggestions. So I decided to do something different, I assumed I was infected with a virus that somehow depends on the internet itself so I disconnected my modem and then right-clicked on Avast in the quick launch toolbar to run a scan and it worked, well at least up to a certain point. It was working in the beginning but then Avast paused in the middle of the scan for a very long time, basically it wasn't scanning anything anymore, and so I had to stop it. So I restarted my computer and checked in the semi-finished scan log in Avast. I clicked "apply" so that my antivirus would take care of the infected files but it says "the system cannot find the file specified" and therefore cannot delete them but it did indeed say that a "virus was found". And ever since my antivirus detected a virus, my browser has been behaving normally, no missing words in Google search suggestions, no error messages, it's been only 2 days so maybe that's premature of me to say that, it's like these hackers know that I know what they've been doing and aren't taking any actions *for now*, but that doesn't mean I'm still not infected with a virus. Could anybody please help me in solving this issue?
     
  6. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    Have I provided enough information to qualify for help?
     
  7. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Grey_Fox, sorry you have had to wait soooo long for a reply.

    My name is Mark and I will help you if you still have some issues. One very prominent thing in your logs is that you are still using XP with Service Pack 2. This service pack is no longer supported by Microsoft so you will not be receiving any security updates, this can leave holes in your systems security leaving you wide open to attack.

    Please post back if you require any further assistance.
     
  8. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    Thanks for your response Mark, I was beginning to lose hope that anyone would answer. I think I have tried to install SP3 in the past but to no avail. I also of course have Windows Automatic Updates enabled but the only update that it's offering to install is SP1 which doesn't make sense because I already have SP2; I don't want to go back in time. I'm going to try again to install SP3 but this time manually without Automatic Updates. I'll post again whether I'm successful or not.
    It is with the tireless and free of charge work like yours that make things like Tor, Firefox, and its associated addons possible in the first place and for that I am deeply grateful. ;-)
     
  9. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    I just tried to install SP3 and it didn't work. I went directly to Microsoft's website at www.update.microsoft.com where I was required to use IE8. About 2/3 in I get an error message that says: "An error in updating your system has occurred. Select 'OK' to undo the changes that have been made." And after a while I get another error message that says: "Service Pack 3 did not complete. Windows XP has been partially updated and may not work properly." Then I'm required to restart my computer. What should I do next?
     
  10. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, there is nothing of any significance in your logs so I think we shall start with a few scans with some other tools and see what they find.

    STEP 1
    Download Temporary file cleaner and save it to the desktop.
    Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
    When the window opens click on Start. It will close all running programs and clear the desktop icons.
    When complete you will be asked to reboot, accept the request and your PC will reboot automatically.

    STEP 2

    Please download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.
    STEP 3

    Please download Malwarebytes Anti-Malware [​IMG] and save it to your desktop.<UL>Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
    Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
    Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
    <I>If you cannot update Malwarebyt
     
  11. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    I tried again to install SP3 but this time I disabled SpyShelter because last time I tried to do it, it kept asking me if I wanted to allow each action and this time it worked. When I rebooted I went back to www.update.microsoft.com to see if there were other critical updates and I installed those too (72 of them; I hope you don't mind). This was before reading your new post. I'm going to do what you said right now. PS: I already have Malwarebytes installed I'm assuming you still want me to proceed with another download anyway.
     
  12. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    SuperAntiSpyware just finished scanning; it found mostly cookies. Do you still want me to post the log here? I'm going to download Malwarebytes right now just the way you said I should. I'll keep you posted very soon.
     
  13. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    Malwarebytes just finished scanning and found nothing. So what next?
     
  14. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please post the logs from Malwarebytes and SuperAntiSpyware.

    For some strange reason a section of my last post has dissapeared, half of the Malwarebytes instructions and another Step which was intended to help with the updating issue. Anyway, sounds like the updates are running ok now.

    How is the PC running now, are there any other issues?

    Irrespective of any remaining issues please run the following and post the logs.

    Please read the Eset instructions carefully.


    Eset online scan instructions.
    IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
    • Disable your existing Anti Virus following these instructions.
    • Please go here to use the Eset Online Scanner.
    • When the web page opens click on this button [​IMG]
    • If you are not using Internet Explorer you will see a message box open asking you to to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
    • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
    • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
    • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
    • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
    • Back on the Eset window, click the Back button and then click on Finish.
    ________________________________


    Download Security Check by screen317 from Here or Here. Save it to your Desktop.Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  15. Grey_Fox

    Grey_Fox Thread Starter

    Joined:
    May 7, 2012
    Messages:
    37
    Here is the ESET log:

    C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\Launcher.exe Win32/RegistryBooster application
    C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\rbmonitor.exe Win32/RegistryBooster application
    C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\rbnotifier.exe Win32/RegistryBooster application
    C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\rb_move_serial.exe Win32/RegistryBooster application
    C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\rb_ubm.exe Win32/RegistryBooster application
    C:\Documents and Settings\David\Local Settings\Temp\mia136.tmp\data\OFFLINE\873987EB\53DCF9F9\registrybooster.exe Win32/RegistryBooster application

    Here is the Malwarebytes log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.07.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    David :: FAMILYCOMPUTER [administrator]

    6/7/2012 10:01:07 PM
    mbam-log-2012-06-07 (22-01-07).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 308548
    Time elapsed: 57 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Here is the SuperAntiSpyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/07/2012 at 09:24 PM

    Application Version : 5.0.1150

    Core Rules Database Version : 8703
    Trace Rules Database Version: 6515

    Scan type : Complete Scan
    Total Scan Time : 00:53:19

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 593
    Memory threats detected : 0
    Registry items scanned : 35510
    Registry threats detected : 0
    File items scanned : 117929
    File threats detected : 67

    Adware.Tracking Cookie
    C:\Documents and Settings\David\Cookies\david@2o7[1].txt [ /2o7 ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /a1.interclick ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /accounts.google ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /ad.piximedia ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /ad.wsod ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /ad.yieldmanager ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /ad.zanox ]
    C:\Documents and Settings\David\Cookies\david@adbrite[1].txt [ /adbrite ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /ads.pointroll ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /ads.pubmatic ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /adserver.adtechus ]
    C:\Documents and Settings\David\Cookies\david@adtech[1].txt [ /adtech ]
    C:\Documents and Settings\David\Cookies\david@advertising[1].txt [ /advertising ]
    C:\Documents and Settings\David\Cookies\david@advertising[2].txt [ /advertising ]
    C:\Documents and Settings\David\Cookies\david@adviva[1].txt [ /adviva ]
    C:\Documents and Settings\David\Cookies\david@adxpose[1].txt [ /adxpose ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /aimfar.solution.weborama ]
    C:\Documents and Settings\David\Cookies\david@apmebf[2].txt [ /apmebf ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /ar.atwola ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /astrothemegroupe.solution.weborama ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /at.atwola ]
    C:\Documents and Settings\David\Cookies\david@atdmt[2].txt [ /atdmt ]
    C:\Documents and Settings\David\Cookies\david@atwola[2].txt [ /atwola ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /c.atdmt ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /c1.atdmt ]
    C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt [ /casalemedia ]
    C:\Documents and Settings\David\Cookies\david@collective-media[1].txt [ /collective-media ]
    C:\Documents and Settings\David\Cookies\david@doubleclick[1].txt [ /doubleclick ]
    C:\Documents and Settings\David\Cookies\david@fastclick[1].txt [ /fastclick ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /garnier2011.solution.weborama ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /guerlain.solution.weborama ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /highbeam.122.2o7 ]
    C:\Documents and Settings\David\Cookies\david@imrworldwide[2].txt [ /imrworldwide ]
    C:\Documents and Settings\David\Cookies\david@interclick[2].txt [ /interclick ]
    C:\Documents and Settings\David\Cookies\david@invitemedia[1].txt [ /invitemedia ]
    C:\Documents and Settings\David\Cookies\david@invitemedia[2].txt [ /invitemedia ]
    C:\Documents and Settings\David\Cookies\david@legolas-media[1].txt [ /legolas-media ]
    C:\Documents and Settings\David\Cookies\david@lucidmedia[2].txt [ /lucidmedia ]
    C:\Documents and Settings\David\Cookies\david@media6degrees[1].txt [ /media6degrees ]
    C:\Documents and Settings\David\Cookies\david@mediaplex[2].txt [ /mediaplex ]
    C:\Documents and Settings\David\Cookies\david@pointroll[2].txt [ /pointroll ]
    C:\Documents and Settings\David\Cookies\david@questionmarket[1].txt [ /questionmarket ]
    C:\Documents and Settings\David\Cookies\david@revsci[2].txt [ /revsci ]
    C:\Documents and Settings\David\Cookies\david@ru4[1].txt [ /ru4 ]
    C:\Documents and Settings\David\Cookies\david@serving-sys[1].txt [ /serving-sys ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /sonyelectronicssupportus.112.2o7 ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /statsadv.dadapro ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /tacoda.at.atwola ]
    C:\Documents and Settings\David\Cookies\david@tribalfusion[2].txt [ /tribalfusion ]
    C:\Documents and Settings\David\Cookies\david@uclick[2].txt [ /uclick ]
    C:\Documents and Settings\David\Cookies\david@weborama[1].txt [ /weborama ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /www.burstnet ]
    C:\Documents and Settings\David\Cookies\[email protected][1].txt [ /www.googleadservices ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /www.googleadservices ]
    C:\Documents and Settings\David\Cookies\[email protected][3].txt [ /www.googleadservices ]
    C:\Documents and Settings\David\Cookies\[email protected][4].txt [ /www.googleadservices ]
    C:\Documents and Settings\David\Cookies\[email protected][5].txt [ /www.googleadservices ]
    C:\Documents and Settings\David\Cookies\david@xiti[1].txt [ /xiti ]
    C:\Documents and Settings\David\Cookies\[email protected][2].txt [ /yvessaintlaurentysl.solution.weborama ]
    C:\Documents and Settings\David\Cookies\david@zedo[2].txt [ /zedo ]
    C:\Documents and Settings\David\Cookies\david@bubblestat[1].txt [ /bubblestat.com ]
    C:\Documents and Settings\David\Cookies\david@estat[1].txt [ /estat.com ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@2o7[1].txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\Cookies\guest@interclick[1].txt [ Cookie:[email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\[email protected][1].TXT [ /AD.YIELDMANAGER ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@ATDMT[2].TXT [ /ATDMT ]
    C:\DOCUMENTS AND SETTINGS\GUEST\COOKIES\GUEST@FASTCLICK[2].TXT [ /FASTCLICK ]

    I set Firefox (the only browser I really use) to delete cookies including LSO cookies on exit so I'm not sure where these cookies are coming from. Maybe I had my browser open when SuperAntiSpyware was scanning. Do you also want to see the Avast logs? In those logs Avast did actually say that a virus was found. Do you think they were just false positives? Concerning the other issue I haven't had a problem since I installed SP3 but that issue has been going on for nearly 3 months so I'm not holding my breath either. I tried to press "Print Screen" when it happens so that I would be able to show you what's going on but it says that there is insufficient memory to perform the action.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1052323