Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

winantivirus/spydoctor been installed by naive parent!

Started by nobbyburton , Apr 21 2007 04:38 AM

  • Please log in to reply

#1
nobbyburton
Posted 21 April 2007 - 04:38 AM

nobbyburton

    Member

  • Member
  • PipPipPip
  • 173 posts
i've read through the guides, and removed the software he paid for! and installed
pc still runs slowly at times, and google toolbar cannot run in explorer after i had removed winantivirus (not too bothered about that)
using process explorer, when accessing outlook/IE, hardware interrupts slow machine too standstill

any ideas, and can you view this log to see whats left to do

thanks


Logfile of HijackThis v1.99.1
Scan saved at 11:34:35, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DC6] C:\DOCUME~1\Ken\LOCALS~1\Temp\startupfc719ce7-4331-4add-908a-1f2c62da4bc8.exe /s1 /setup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...925/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

Advertisements

#2
nobbyburton
Posted 21 April 2007 - 06:15 AM

nobbyburton

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
lots of problems using IE as well, script errors etc

any help or advice appreciated
  • 0

#3
nobbyburton
Posted 22 April 2007 - 07:04 AM

nobbyburton

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
any help appreciated bump
  • 0

#4
nobbyburton
Posted 23 April 2007 - 02:20 PM

nobbyburton

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
anybody out there help please
  • 0

#5
handhfan
Posted 24 April 2007 - 03:31 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, nobbyburton, and welcome to Geeks To Go. :whistling: Sorry about the delay, it's been pretty busy around here. Also, in the future, please do not bump your topic. We look for topics with no replies and bumping your log only makes you want longer.

Let's start out with some general scans and see if we can't clean things up a little.

1. Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

2. After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have received help elsewhere or no longer need our assistance, please let us know.
  • 0

#6
handhfan
Posted 08 May 2007 - 02:28 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#7
nobbyburton
Posted 13 May 2007 - 03:07 AM

nobbyburton

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
http://www.geekstogo...nt-t156079.html

apologies, original thread was closed as i only able to access my parents pc monthly when i visit
on the last thread, was told to post two more hijackthis logs after running virus check (normal and uninstall are below)

here they are
his system still not running correctly, having to use mozilla as IE doesnt work, and he is unable to use search under my computer to look for files, get strange message about search companion fault

any help appreciated,

Logfile of HijackThis v1.99.1
Scan saved at 16:37:25, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DC6] C:\DOCUME~1\Ken\LOCALS~1\Temp\startupfc719ce7-4331-4add-908a-1f2c62da4bc8.exe /s1 /setup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
Agfa ScanWise 1.10
Apple Software Update
AVG 7.5
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon EOS 20D WIA Driver
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 1.1
Canon Utilities EOS Capture 1.1
Canon Utilities EOS Viewer Utility 1.1
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
D-Link USB Digital Video Camera
dpMagic CE
DVD Shrink 3.2
EZ Calendar
FinePixViewer Ver.4.2
Focus Multimedia's Create Your Own Posters && Signs
FUJIFILM USB Driver
Google Desktop Search
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ImageMixer VCD2 for FinePix
Install Provider
Iomega Automatic Backup Pro
Iomega Product Registration
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java™ SE Runtime Environment 6 Update 1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MicroStaff WINASPI
Mozilla Firefox (2.0.0.3)
Mozilla Thunderbird (2.0.0.0)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
Nero Suite
OLYMPUS CAMEDIA Master 4.2
Picasa 2
Prevx1
QuickTime
RAW FILE CONVERTER LE
RawShooter essentials 2006
RealArcade
RealPlayer
Registry Mechanic 6.0
RollerCoaster Tycoon 3
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Serif MoviePlus 5
Serif MoviePlus 5 Resources
Serif PagePlus 5.0
Serif PhotoPlus 10
SpeedTouch USB Software
UniChrome Series Driver and Utilities
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
VIA Audio Driver Setup Program
VIA Rhine-Family Fast Ethernet Adapter
Virtual Earth 3D (Beta)
Wanadoo Search Toolbar
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Yahoo! Install Manager
Yahoo! Toolbar
  • 0

#8
handhfan
Posted 13 May 2007 - 06:16 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Welcome back. :whistling:

1. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2. Please download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan, along with a new HijackThis log.

  • 0

#9
jwbirdsong
Posted 15 May 2007 - 09:43 PM

jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts
just so you know, handhfan has had some issues come up and is unable to continue right now...I'll be stepping in and taking this log with you from here on out.
  • 0

#10
nobbyburton
Posted 21 May 2007 - 01:08 PM

nobbyburton

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
thanks, am going to try and talk this through with my dad over the phone today, mon 21st
will be at his house this weekend to follow up any problems
  • 0

#11
nobbyburton
Posted 22 May 2007 - 02:25 PM

nobbyburton

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:31:09 21/05/2007

+ Scan result:



HKU\S-1-5-21-1708537768-1563985344-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-1563985344-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035823.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\Documents and Settings\Ken\Local Settings\Temp\setup.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035732.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP284\A0040949.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP284\A0040950.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP299\A0042219.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP284\A0040940.exe -> Adware.Fakealert : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP299\A0042218.exe -> Adware.Fakealert : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-1563985344-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84938242-5C5B-4A55-B6B9-A1507543B418} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-1563985344-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6ACAE64-F798-4930-AD86-BD3FB32038DB} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-1563985344-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84938242-5C5B-4A55-B6B9-A1507543B418} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-1563985344-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6ACAE64-F798-4930-AD86-BD3FB32038DB} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Ken\My Documents\My Downloads\PestCaptureSetup.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035708.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP341\A0046238.exe -> Adware.Systemdoctor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-1563985344-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKU\S-1-5-21-1708537768-1563985344-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP341\A0046242.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Documents and Settings\Ken\My Documents\My Downloads\installdrivecleanerstart_tbn.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035721.dll -> Downloader.Zlob.aud : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035722.exe -> Downloader.Zlob.aud : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036901.exe -> Downloader.Zlob.bng : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP280\A0035289.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP280\A0035290.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP280\A0035291.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035720.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035737.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035738.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035811.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035812.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0035813.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036811.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036812.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036813.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036888.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036889.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036890.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036899.dll -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036900.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP281\A0036902.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
C:\Documents and Settings\Ken\My Documents\My Downloads\SystemDoctor2006FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP280\A0035281.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP341\A0046245.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
C:\Documents and Settings\Ken\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
E:\norton grage 05\Cookies\[email protected][3].txt -> TrackingCookie.2o7 : Cleaned.
E:\norton grage 05\Cookies\[email protected][4].txt -> TrackingCookie.2o7 : Cleaned.
E:\norton grage 05\Cookies\__@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
E:\norton grage 05\Cookies\__@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
E:\norton grage 05\Cookies\__@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Adobe : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Adserver : Cleaned.
E:\norton grage 05\Cookies\[email protected][4].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
E:\norton grage 05\Cookies\__@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
E:\norton grage 05\Cookies\__@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\__@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\__@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\__@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\__@advertising[4].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\__@advertising[5].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\__@advertising[6].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\__@advertising[7].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\[email protected][3].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\[email protected][4].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\[email protected][5].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\[email protected][6].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\[email protected][7].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\[email protected][8].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\[email protected][9].txt -> TrackingCookie.Advertising : Cleaned.
E:\norton grage 05\Cookies\__@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
E:\norton grage 05\Cookies\__@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
E:\norton grage 05\Cookies\__@adviva[3].txt -> TrackingCookie.Adviva : Cleaned.
E:\norton grage 05\Cookies\__@adviva[4].txt -> TrackingCookie.Adviva : Cleaned.
E:\norton grage 05\Cookies\__@adviva[5].txt -> TrackingCookie.Adviva : Cleaned.
E:\norton grage 05\Cookies\__@adviva[6].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
E:\norton grage 05\Cookies\__@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
E:\norton grage 05\Cookies\__@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
E:\norton grage 05\Cookies\__@atdmt[4].txt -> TrackingCookie.Atdmt : Cleaned.
E:\norton grage 05\Cookies\__@atdmt[5].txt -> TrackingCookie.Atdmt : Cleaned.
E:\norton grage 05\Cookies\__@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
E:\norton grage 05\Cookies\__@bfast[3].txt -> TrackingCookie.Bfast : Cleaned.
E:\norton grage 05\Cookies\__@bfast[4].txt -> TrackingCookie.Bfast : Cleaned.
E:\norton grage 05\Cookies\__@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
E:\norton grage 05\Cookies\__@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
E:\norton grage 05\Cookies\__@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned.
E:\norton grage 05\Cookies\__@bluestreak[4].txt -> TrackingCookie.Bluestreak : Cleaned.
E:\norton grage 05\Cookies\__@bluestreak[5].txt -> TrackingCookie.Bluestreak : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.
E:\norton grage 05\Cookies\__@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
E:\norton grage 05\Cookies\__@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
E:\norton grage 05\Cookies\__@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
E:\norton grage 05\Cookies\__@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned.
E:\norton grage 05\Cookies\__@click2net[2].txt -> TrackingCookie.Click2net : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Co : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Co : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Ken\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
E:\norton grage 05\Cookies\__@com[1].txt -> TrackingCookie.Com : Cleaned.
E:\norton grage 05\Cookies\__@com[3].txt -> TrackingCookie.Com : Cleaned.
E:\norton grage 05\Cookies\__@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned.
C:\Documents and Settings\Ken\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Counted : Cleaned.
E:\norton grage 05\Cookies\[email protected][3].txt -> TrackingCookie.Counted : Cleaned.
E:\norton grage 05\Cookies\__@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEadufsu -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEbabift -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEbgmaaa -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEbpsnnp -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEckhgyl -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEcpsivv -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEdzeaib -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEeabmqm -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEebvwib -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEefojsm -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEespzyz -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEexexqo -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEfrshzz -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEgeeoyx -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEgmqxfh -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEhlsxex -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEhrbdys -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEhrlrak -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEhvyuqy -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEhxlavq -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEigfuvq -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEihfrtg -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEipaqze -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEiqyybk -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEirpzxo -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEivbbec -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEjaeodf -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEjhqczd -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEjsehse -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEjyztkp -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEjzsscb -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEknvigl -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEkyzktk -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KElabuwx -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEleesnr -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KElijazh -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KElngftx -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEloboip -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEmarrwi -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEmhoprd -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEmhpuha -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEmnhtpw -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEnakdoh -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEnbanch -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEnjmgew -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEnwlfll -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEnygurs -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEoeiqcb -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEorhqmp -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEotgerw -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEpfgycb -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEpgmaun -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEppcywc -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEprylvk -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEptouov -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEqbffmx -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEqlljuo -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEqtmhtc -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEquxdns -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KErgezyo -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KErhlzzi -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KErhqfyl -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KErprbvz -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KErsyozs -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KErxkfii -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEseaelv -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEsojjlu -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEswcojf -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEszdkow -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEttnfdx -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEufwklu -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEuiktjx -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEulsqfd -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEutszsg -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEvgtyje -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEvluloe -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEvqhxsv -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEvvnkqw -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEwkkinj -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEwryoyk -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEwuiocp -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KExcbfep -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KExegorb -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KExlzoeo -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KExwfwuq -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEyaxxmn -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEybouvy -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEydzhwb -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEyfhlrs -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEyiryjh -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEyxegko -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEzegcsf -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEzeoijg -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEzgvogy -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEzjvdzv -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEzlbtnm -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEzqaqnv -> TrackingCookie.Doubleclick : Cleaned.
C:\WA7P\Quar\KEzssbju -> TrackingCookie.Doubleclick : Cleaned.
E:\norton grage 05\Cookies\__@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
E:\norton grage 05\Cookies\__@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
E:\norton grage 05\Cookies\__@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Enliven : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\WA7P\Quar\KEjecpmd -> TrackingCookie.Fastclick : Cleaned.
E:\norton grage 05\Cookies\__@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
E:\norton grage 05\Cookies\__@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
E:\norton grage 05\Cookies\__@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned.
E:\norton grage 05\Cookies\__@fastclick[4].txt -> TrackingCookie.Fastclick : Cleaned.
E:\norton grage 05\Cookies\__@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
E:\norton grage 05\Cookies\__@focalink[1].txt -> TrackingCookie.Focalink : Cleaned.
E:\norton grage 05\Cookies\__@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
E:\norton grage 05\Cookies\__@gator[1].txt -> TrackingCookie.Gator : Cleaned.
E:\norton grage 05\Cookies\__@gator[2].txt -> TrackingCookie.Gator : Cleaned.
E:\norton grage 05\Cookies\__@gator[4].txt -> TrackingCookie.Gator : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Gator : Cleaned.
E:\norton grage 05\Cookies\[email protected][3].txt -> TrackingCookie.Gator : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][3].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][4].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\__@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\__@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\__@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\__@hitbox[4].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\__@hitbox[5].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\__@hitbox[6].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\__@hitbox[8].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\__@hitbox[9].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned.
E:\norton grage 05\Cookies\[email protected][3].txt -> TrackingCookie.Hitslink : Cleaned.
E:\norton grage 05\Cookies\__@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
E:\norton grage 05\Cookies\__@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
E:\norton grage 05\Cookies\__@intelli-direct[2].txt -> TrackingCookie.Intelli-direct : Cleaned.
E:\norton grage 05\Cookies\__@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
E:\norton grage 05\Cookies\__@lop[1].txt -> TrackingCookie.Lop : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
E:\norton grage 05\Cookies\__@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
E:\norton grage 05\Cookies\__@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
E:\norton grage 05\Cookies\__@mediaplex[3].txt -> TrackingCookie.Mediaplex : Cleaned.
E:\norton grage 05\Cookies\__@mediaplex[4].txt -> TrackingCookie.Mediaplex : Cleaned.
E:\norton grage 05\Cookies\__@mediaplex[6].txt -> TrackingCookie.Mediaplex : Cleaned.
E:\norton grage 05\Cookies\__@mediaplex[7].txt -> TrackingCookie.Mediaplex : Cleaned.
E:\norton grage 05\Cookies\__@mediaplex[8].txt -> TrackingCookie.Mediaplex : Cleaned.
E:\norton grage 05\Cookies\__@mediaplex[9].txt -> TrackingCookie.Mediaplex : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Msn : Cleaned.
E:\norton grage 05\Cookies\[email protected][3].txt -> TrackingCookie.Msn : Cleaned.
E:\norton grage 05\Cookies\__@myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Ken\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
E:\norton grage 05\Cookies\__@overture[2].txt -> TrackingCookie.Overture : Cleaned.
E:\norton grage 05\Cookies\__@overture[4].txt -> TrackingCookie.Overture : Cleaned.
E:\norton grage 05\Cookies\__@overture[5].txt -> TrackingCookie.Overture : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Paypal : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Paypal : Cleaned.
E:\norton grage 05\Cookies\[email protected][4].txt -> TrackingCookie.Paypal : Cleaned.
E:\norton grage 05\Cookies\[email protected][5].txt -> TrackingCookie.Paypal : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Popuptraffic : Cleaned.
E:\norton grage 05\Cookies\__@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
E:\norton grage 05\Cookies\__@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
E:\norton grage 05\Cookies\__@qksrv[4].txt -> TrackingCookie.Qksrv : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Quarterserver : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
E:\norton grage 05\Cookies\__@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
E:\norton grage 05\Cookies\__@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
E:\norton grage 05\Cookies\__@questionmarket[3].txt -> TrackingCookie.Questionmarket : Cleaned.
E:\norton grage 05\Cookies\__@questionmarket[4].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@real[1].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\__@real[1].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\__@real[2].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\__@real[3].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][3].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][4].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][5].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\[email protected][3].txt -> TrackingCookie.Real : Cleaned.
E:\norton grage 05\Cookies\__@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
E:\norton grage 05\Cookies\__@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
E:\norton grage 05\Cookies\__@realmedia[4].txt -> TrackingCookie.Realmedia : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
E:\norton grage 05\Cookies\[email protected][4].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Ken\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Ken\Cookies\ken@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
E:\norton grage 05\Cookies\__@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
E:\norton grage 05\Cookies\__@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
E:\norton grage 05\Cookies\__@serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned.
E:\norton grage 05\Cookies\__@spinbox[1].txt -> TrackingCookie.Spinbox : Cleaned.
E:\norton grage 05\Cookies\__@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
E:\norton grage 05\Cookies\__@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
E:\norton grage 05\Cookies\__@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Ken\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned.
E:\norton grage 05\Cookies\__@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
E:\norton grage 05\Cookies\__@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
E:\norton grage 05\Cookies\__@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
E:\norton grage 05\Cookies\__@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned.
E:\norton grage 05\Cookies\__@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
E:\norton grage 05\Cookies\__@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
E:\norton grage 05\Cookies\__@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned.
E:\norton grage 05\Cookies\__@valueclick[4].txt -> TrackingCookie.Valueclick : Cleaned.
E:\norton grage 05\Cookies\__@valueclick[5].txt -> TrackingCookie.Valueclick : Cleaned.
E:\norton grage 05\Cookies\__@valueclick[7].txt -> TrackingCookie.Valueclick : Cleaned.
E:\norton grage 05\Cookies\__@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Web-stat : Cleaned.
E:\norton grage 05\Cookies\__@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Ken\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\WA7P\Quar\KEbmqhrw -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEbuphhx -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEdfcask -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEethngi -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEfwqzor -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEgpvcvt -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEhbjdzq -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEhybeez -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEitovim -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEjlcpbg -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEjtdafb -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEjtjmpv -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEmbnpnu -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEmprehk -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEnexjla -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEoozknz -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEqeaokf -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KErpngsi -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEszjegj -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEtdbgnx -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEvththb -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEwhfzfb -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEwkhswk -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KExbieid -> TrackingCookie.Webtrendslive : Cleaned.
C:\WA7P\Quar\KEynzkgj -> TrackingCookie.Webtrendslive : Cleaned.
E:\norton grage 05\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned.
E:\norton grage 05\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
E:\norton grage 05\Cookies\__@x10[2].txt -> TrackingCookie.X10 : Cleaned.
E:\norton grage 05\Cookies\__@x10[3].txt -> TrackingCookie.X10 : Cleaned.
E:\norton grage 05\Cookies\__@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
E:\norton grage 05\Cookies\__@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
E:\norton grage 05\Cookies\__@zedo[3].txt -> TrackingCookie.Zedo : Cleaned.
E:\norton grage 05\Cookies\__@zedo[4].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{459F9B87-CFD4-4A3B-AA85-E220E051E149}\RP299\A0042217.exe -> Trojan.Fakealert.fb : Cleaned with backup (quarantined).


::Report end

and now hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 21:17:45, on 22/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DC6] C:\DOCUME~1\Ken\LOCALS~1\Temp\startupfc719ce7-4331-4add-908a-1f2c62da4bc8.exe /s1 /setup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
  • 0

#12
jwbirdsong
Posted 26 May 2007 - 05:06 AM

jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts
Is the computer still having the IE and search problem?
  • 0

#13
nobbyburton
Posted 26 May 2007 - 04:17 PM

nobbyburton

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 173 posts
yes tried, doing a srchasst reinstall using %systemroot%\inf, and following some instructions reinstalling certian files found in hard drive, as dont have separate xp2 cd, didnt work

search assistant still not working

were the other logs posted earlier showing clean?
  • 0

#14
jwbirdsong
Posted 26 May 2007 - 05:15 PM

jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts

were the other logs posted earlier showing clean

They are.....I'm looking into both issues as we speak......It's possible they are inter-related
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP