Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant Pop Up Websites Slowing My System


  • Please log in to reply
13 replies to this topic

#1 ghowitt

ghowitt

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 17 May 2008 - 02:06 PM

My system set up espec connection to internet is slow and I have constant pop ups. I had same problem around 2 months ago and came on this site for assistance. My sytem did improve but has now got problems again. I haverum Spybot and Adware. Highjack this log attached

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:19, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PollStyle] C:\DOCUME~1\JAMESH~1\APPLIC~1\MAGSME~1\mfcdopen.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.arabtrust.org.uk/multimedia/bac...ds/arab_thb.gif
O24 - Desktop Component 1: (no name) - http://www.arabtrust.org.uk/multimedia/bac...s/arab_1024.jpg

--
End of file - 12083 bytes

BC AdBot (Login to Remove)

 


m

#2 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 09 June 2008 - 09:34 AM

ghowitt

Sorry for the delay.

If you still need assistance could you post a fresh Hiajckthis log?
Posted Image
Microsoft MVP - Windows Security

#3 ghowitt

ghowitt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 10 June 2008 - 01:10 PM

Thanks. Still need asssitance. Fresh log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:42, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PollStyle] C:\DOCUME~1\JAMESH~1\APPLIC~1\MAGSME~1\mfcdopen.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.arabtrust.org.uk/multimedia/bac...ds/arab_thb.gif
O24 - Desktop Component 1: (no name) - http://www.arabtrust.org.uk/multimedia/bac...s/arab_1024.jpg

--
End of file - 12159 bytes

#4 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 10 June 2008 - 08:55 PM

ghowitt

Re Run HijackthisAt the Main window select "Open the misc tool section"
Then select "Open uninstall manager"
Then "save list" and save it to your desktop
Copy and paste that list as a reply to this thread
Posted Image
Microsoft MVP - Windows Security

#5 ghowitt

ghowitt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 13 June 2008 - 04:14 PM

List attached



ACDSee 9 Photo Manager
ACDSee for PENTAX
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
AOL UK
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft QuickDVD 2
BAMZOOKi v3.1 (build 204.173)
Belkin 54g USB Network Adapter
Belkin ADSL Router USB Driver 5.2.3667.0
Boots Viewer
CameraMate Real-Time Video Driver
Canon iP1300
Canon iP1300 User Registration
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
ccCommon
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Component Framework
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
DAO
DC1500 Digital Camera
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Digital Line Detect
Digital Photo Navigator 1.0
DVDSentry
Easy CD Creator 5 Basic
Easy-WebPrint
ESET Online Scanner
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
igLoader 2,0,0,2
ImageMixer with VCD
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iPod Update 2004-04-28
iTunes
Java™ 6 Update 6
Kaspersky Online Scanner
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Lizardtech DjVu Control
Macrogaming SweetIM 1.2a
Macromedia Flash Player 8
Macromedia Shockwave Player
MailWasher Free 6.1
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MicroStaff WINASPI
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
My DSC
MyDSC_CIF
MyDVD
NetWaiting
No Trace 1.0
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
Paint Shop Pro 7
Panda ActiveScan
Philips Device Manager
PPLive 1.0.7.3
ProPix DVD
QuickTime
RealPlayer
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Shockwave
Sony Ericsson PC Suite 1.20.173
SPBBC 32bit
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Spyware Begone Free Scan
Spyware Begone V6.70
SpywareBlaster 4.0
Super Collapse! from GameHouse
SymNet
The Sims Deluxe Edition
Tvants 1.0
Update for Office 2007 (KB946691)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Uploader
Viewpoint Media Player
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Toolbar

#6 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 16 June 2008 - 07:44 AM

ghowitt

1. Go to Add or Remove programs (Click Start ->> Control Panel ->> Add or Remove programs)
and uninstall the following programsMessenger Plus! Live & Sponsor (CiD) <<- Source of the pop - ups
Spyware Begone Free Scan <<- THIS LINK
Close Add or Remove Programs ->> Rerun Hijackthis and post a fresh Hijackthis log.
Posted Image
Microsoft MVP - Windows Security

#7 ghowitt

ghowitt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 16 June 2008 - 01:46 PM

Done:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:42, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.arabtrust.org.uk/multimedia/bac...ds/arab_thb.gif
O24 - Desktop Component 1: (no name) - http://www.arabtrust.org.uk/multimedia/bac...s/arab_1024.jpg

--
End of file - 12011 bytes

#8 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 16 June 2008 - 02:24 PM

ghowitt

Good work.

1. Rerun Hijackthis (scan only) and place checks beside the following entriesO4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC

2. Please perform an Ewido Online Malware Scan
  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download.
  • Click on Start Scan.
  • after the scan completes it will produce a log for you, copy and paste the results of that scan as a reply to this thread
  • If any infections are found, (After you save the logfile), Click on Remove Infections.

Posted Image
Microsoft MVP - Windows Security

#9 ghowitt

ghowitt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 17 June 2008 - 02:17 PM

Could not delete 04...My Web Search Bar etc with Highjackthis. My spybot programme appeared to disallow the deletion. Mentioned black list?

See log:

____________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\James Howitt\Cookies\james_howitt@adopt.euroclick[2].txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\James Howitt\Cookies\james_howitt@adopt.euroclick[3].txt
Risk: Medium

Name: TrackingCookie.Tracking101
Path: C:\Documents and Settings\James Howitt\Cookies\james_howitt@login.tracking101[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\James Howitt\Cookies\james_howitt@server.iad.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\James Howitt\Cookies\james_howitt@ssl-hints.netflame[2].txt
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{035AEB27-A645-FEB8-F1C4-FC9346EC0D8F}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{1BD61EA0-9AC6-5F04-0323-2D7EAF175932}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{2285B198-6B1E-F3E9-EDB0-C1211C68788F}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{2BEB569E-121E-8C73-2931-9E16C5B7A19C}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{315397E1-2F75-F176-4C18-ED9C483D3FF6}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{4EDCB943-52FD-DCA9-E183-5F55DA9A7088}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{57D9B64F-0B58-37FC-F1A1-C683E5BAAF24}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{595E7E6F-2779-C942-CAB8-55911996604D}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{60F05B7C-F1F8-D331-4A76-1F7351A82881}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{66E07AD0-5435-6A17-2F75-DA98D6E9D21E}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{7C0A707C-7AC6-61EE-F43C-6F536B0FCB6A}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{868B9A8E-F8FF-0CE7-B336-2B1AF1713C5F}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{86A14507-80FF-D007-7F0E-00B875C226F6}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{87902B7F-B6D3-A213-F6A4-36452B599351}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{8A75EA04-9575-A22B-4FC7-E64CB83DA5F3}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{92B4CAF7-5057-F0CD-49B3-18569D7B5801}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{9A9D9913-F539-B818-1427-A8E89535E89C}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{A013F86E-52B5-8D07-3F4C-C462AEAE9290}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{A1747CDA-DF6E-9351-9646-E4EDFB0652D6}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{A9E6449F-9343-AB84-AD4D-BB624005A22A}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{AC092823-FD87-B7C4-DCAB-C0C0A653982E}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{B35515F4-F23D-5370-7E4F-F0060FB29CBB}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{B4A89AC1-01DB-2590-AA18-58102CF0CE73}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{B58B9B1C-55D9-1746-5D04-4AD3FEBB33BE}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{BEE8C679-3770-D30F-66CC-DEE2C16FBD48}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{BFB28430-59F9-E148-CE91-EFEF55BB49E2}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{CA46CB74-D4B2-9E7F-A17F-D83F0FCBE44D}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{CD1EAA3F-057F-D848-08A8-0D6AFEAC4D1D}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{CF55ABCE-B4BE-B53C-086B-30AC07F33AAC}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{DB309419-3C5C-375B-8765-4F2EE5877F1F}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{DBD57F9A-ADE8-7DB4-DD4A-B28178EFDECE}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{DEE73BDA-597A-B499-19B2-6F569DFF8BCF}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{EADA06E9-6006-2FFD-3A2E-309CEA0EE5DA}
Risk: Medium

Name: Adware.CoolWebSearch
Path: HKLM\SOFTWARE\Classes\CLSID\{EE6513A2-ECF0-EC46-5C08-337375A1D7E6}
Risk: Medium

Name: Adware.180Solutions
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE
Risk: Medium

Name: TrackingCookie.7search
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@7search[2].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@burstnet[2].txt
Risk: Medium

Name: TrackingCookie.Enhance
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@c.enhance[1].txt
Risk: Medium

Name: TrackingCookie.Goclick
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@c.goclick[2].txt
Risk: Medium

Name: TrackingCookie.Connextra
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@connextra[1].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@revenue[1].txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@rotator.adjuggler[1].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@starware[2].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@stat.dealtime[2].txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@statse.webtrendslive[2].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@trafficmp[1].txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@z1.adserver[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair howitt@zedo[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@ads.adbrite[2].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@advertising[2].txt
Risk: Medium

Name: TrackingCookie.Adviva
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@adviva[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Intelli-direct
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@intelli-direct[1].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@m.webtrends[1].txt
Risk: Medium

Name: TrackingCookie.Navrcholu
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@navrcholu[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@overture[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@paypal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@questionmarket[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Blair Howitt\Cookies\blair_howitt@tribalfusion[1].txt
Risk: Medium

Name: Trojan.Agent.kpa
Path: C:\Documents and Settings\James Howitt\My Documents\My Received Files\img60-x8-JPEG.zip/picture-977.JPEG-snesnerious-dude@hotmail.com
Risk: High

Name: TrackingCookie.247realmedia
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@ad.yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@adrevolver[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Coremetrics
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@data.coremetrics[1].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@dealtime[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@ehg-dig.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@ehg-iwantoneofthose.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Enhance
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@enhance[2].txt
Risk: Medium

Name: TrackingCookie.Masterstats
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@image.masterstats[1].txt
Risk: Medium

Name: TrackingCookie.Tracking101
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@login.tracking101[2].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@m.webtrends[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@microsoftwlmailmkt.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@msnaccountservices.112.2o7[2].txt
Risk: Medium

Name: TrackingCookie.Navrcholu
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@navrcholu[1].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@rotator.adjuggler[1].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@sales.liveperson[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@server.iad.liveperson[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\Scott Howitt\Cookies\scott_howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\Susan Howitt\Cookies\susan_howitt@m.webtrends[2].txt
Risk: Medium

Name: TrackingCookie.Navrcholu
Path: C:\Documents and Settings\Susan Howitt\Cookies\susan_howitt@navrcholu[2].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,22,2005_15,34,18.zip/james howitt@centrport[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@112.2o7[2].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@adrevolver[1].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@adtech[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@cs.sexcounter[2].txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@cz3.clickzs[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@data2.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Fortunecity
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@fortunecity[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Spylog
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@spylog[1].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@stat.dealtime[1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@trafficmp[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@tribalfusion[2].txt
Risk: Medium

Name: TrackingCookie.Weborama
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@weborama[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,28,2008_22,40,35.zip/james_howitt@zedo[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@adrevolver[2].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@carphonewarehouse.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@edge.ru4[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Tracking101
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@login.tracking101[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\1,30,2008_21,57,28.zip/james_howitt@zedo[2].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@247realmedia[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@2o7[1].txt
Risk: Medium

Name: TrackingCookie.7search
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@7search[2].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@adtech[1].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@bs.serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@c5.zedo[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@cs.sexcounter[2].txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@cz3.clickzs[2].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@edge.ru4[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Fortunecity
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@fortunecity[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@revenue[1].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@server.iad.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@stat.dealtime[1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@valueclick[2].txt
Risk: Medium

Name: TrackingCookie.Weborama
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,14,2005_21,0,44.zip/james howitt@weborama[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Program Files\NoAdware\NoAdwareBackup\10,30,2004_16,18,10.zip/james howitt@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@adrevolver[2].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@adtech[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@cz3.clickzs[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@data2.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@edge.ru4[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@questionmarket[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@server.iad.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@stat.dealtime[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\11,12,2006_15,47,23.zip/james howitt@zedo[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@adrevolver[1].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@adtech[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@americanexpress.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@data2.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@edge.ru4[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Hotlog
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@hotlog[1].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@questionmarket[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@stat.dealtime[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@tradedoubler[1].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\12,3,2006_14,39,50.zip/james howitt@valueclick[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.180solutions
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@180solutions[2].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@ads.pointroll[2].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@adtech[2].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@as1.falkag[1].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Porngraph
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@c.porngraph[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@centrport[1].txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@cs.sexcounter[2].txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@cz3.clickzs[2].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@edge.ru4[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Fortunecity
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@fortunecity[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@overture[2].txt
Risk: Medium

Name: TrackingCookie.Paycounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@paycounter[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@qksrv[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@revenue[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@server.iad.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@stat.dealtime[2].txt
Risk: Medium

Name: TrackingCookie.Onestat
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@stat.onestat[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@trafficmp[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@z1.adserver[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,14,2005_21,0,23.zip/james howitt@zedo[2].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@adrevolver[1].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@ads.addynamix[1].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@overture[1].txt
Risk: Medium

Name: TrackingCookie.Pro-market
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@pro-market[2].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@revenue[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@server.iad.liveperson[2].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@stat.dealtime[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@tradedoubler[1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@tribalfusion[2].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\2,24,2008_19,41,3.zip/james_howitt@zedo[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,1,2005_20,18,6.zip/james howitt@247realmedia[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,1,2005_20,18,6.zip/james howitt@2o7[1].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,1,2005_20,18,6.zip/james howitt@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,1,2005_20,18,6.zip/james howitt@cz3.clickzs[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,1,2005_20,18,6.zip/james howitt@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,1,2005_20,18,6.zip/james howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,1,2005_20,18,6.zip/james howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@adrevolver[2].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@adtech[1].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@bluestreak[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@overture[2].txt
Risk: Medium

Name: TrackingCookie.Pro-market
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@pro-market[2].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@stat.dealtime[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@tribalfusion[2].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\3,17,2008_21,40,25.zip/james_howitt@zedo[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@ads.addynamix[2].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@cz4.clickzs[2].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@edge.ru4[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@overture[2].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,23,2005_22,7,46.zip/james howitt@zedo[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james howitt@paypal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@247realmedia[2].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@adrevolver[1].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@adtech[2].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@cs.sexcounter[2].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@edge.ru4[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Fortunecity
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@fortunecity[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@overture[1].txt
Risk: Medium

Name: TrackingCookie.Paycounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@paycounter[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@server.iad.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@stat.dealtime[1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@tribalfusion[2].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@valueclick[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\4,25,2007_22,40,46.zip/james_howitt@zedo[2].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@247realmedia[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@c5.zedo[1].txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@cs.sexcounter[2].txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@cz3.clickzs[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@overture[1].txt
Risk: Medium

Name: TrackingCookie.Paycounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@paycounter[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@trafficmp[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,15,2005_16,2,55.zip/james howitt@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,26,2005_21,23,50.zip/james howitt@247realmedia[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,26,2005_21,23,50.zip/james howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\5,26,2005_21,23,50.zip/james howitt@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\6,24,2005_21,38,17.zip/james howitt@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\6,24,2005_21,38,17.zip/james howitt@adtech[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\6,24,2005_21,38,17.zip/james howitt@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\6,24,2005_21,38,17.zip/james howitt@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\6,24,2005_21,38,17.zip/james howitt@tradedoubler[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@247realmedia[2].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Paycounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@paycounter[2].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@revenue[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@tradedoubler[1].txt
Risk: Medium

Name: TrackingCookie.Realtracker
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@web4.realtracker[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\7,24,2005_21,42,30.zip/james howitt@zedo[2].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.7search
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@7search[2].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@adtech[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@cs.sexcounter[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@questionmarket[2].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@revenue[2].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@stat.dealtime[1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Reliablestats
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@stats1.reliablestats[2].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\8,13,2005_14,4,28.zip/james howitt@tradedoubler[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,14,30.zip/james howitt@centrport[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,14,30.zip/james howitt@centrport[2].txt
Risk: Medium

Name: TrackingCookie.Sextracker
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,14,30.zip/james howitt@counter1.sextracker[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,14,30.zip/james howitt@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,14,52.zip/james howitt@centrport[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,14,52.zip/james howitt@centrport[2].txt
Risk: Medium

Name: TrackingCookie.Sextracker
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,14,52.zip/james howitt@counter1.sextracker[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,14,52.zip/james howitt@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,15,6.zip/james howitt@centrport[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,15,6.zip/james howitt@centrport[2].txt
Risk: Medium

Name: TrackingCookie.Sextracker
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,15,6.zip/james howitt@counter1.sextracker[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,10,2004_21,15,6.zip/james howitt@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2004_15,7,9.zip/james howitt@centrport[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2004_15,7,9.zip/james howitt@centrport[2].txt
Risk: Medium

Name: TrackingCookie.Sextracker
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2004_15,7,9.zip/james howitt@counter1.sextracker[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2004_15,7,9.zip/james howitt@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@247realmedia[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@2o7[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@adrevolver[2].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@ads.addynamix[1].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@adtech[2].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@as-us.falkag[2].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@bs.serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@cs.sexcounter[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@data1.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@edge.ru4[2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Hotlog
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@hotlog[1].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@qksrv[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@questionmarket[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@server.iad.liveperson[2].txt
Risk: Medium

Name: TrackingCookie.Spylog
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@spylog[2].txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@stat.dealtime[2].txt
Risk: Medium

Name: TrackingCookie.Onestat
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@stat.onestat[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@tradedoubler[2].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@trafficmp[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@tribalfusion[2].txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@vip2.clickzs[2].txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@z1.adserver[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,11,2006_21,5,32.zip/james howitt@zedo[2].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,16,2004_21,37,26.zip/james howitt@centrport[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,16,2004_21,37,26.zip/james howitt@centrport[2].txt
Risk: Medium

Name: TrackingCookie.Sextracker
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,16,2004_21,37,26.zip/james howitt@counter1.sextracker[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,16,2004_21,37,26.zip/james howitt@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,4,2004_13,27,53.zip/james howitt@centrport[2].txt
Risk: Medium

Name: TrackingCookie.Sextracker
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,4,2004_13,27,53.zip/james howitt@counter1.sextracker[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,4,2004_13,27,53.zip/james howitt@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,5,2004_21,52,17.zip/james howitt@centrport[2].txt
Risk: Medium

Name: TrackingCookie.Sextracker
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,5,2004_21,52,17.zip/james howitt@counter1.sextracker[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Program Files\NoAdware\NoAdwareBackup\9,5,2004_21,52,17.zip/james howitt@mediaplex[1].txt
Risk: Medium

Name: Downloader.WinShow.ak
Path: C:\WINDOWS\photoprn.ini:rlnmn
Risk: High

#10 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 17 June 2008 - 02:55 PM

ghowitt

Was that denial from Spybot S&D ?

If so do this


While both Teatimer and SpyBot are closed:
Download ResetTeaTimer.bat to remove all entries set by TeaTimer (and preventing TeaTimer from restoring them upon reactivation).

http://downloads.subratam.org/ResetTeaTimer.bat
Alternate link:
http://www.bleepingcomputer.com/files/lonn...setTeaTimer.bat

Right click and save link as
Save it as resetteatimer.bat
Save it to your Desktop

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Double click on resetteatimer.bat and wait for it to finish

Since it will not be needed again, delete ResetTeaTimer.bat after you run it.
When we are COMPLETELY finished with ALL your fixes, you can turn Teatimer back on again via SpyBot's tools resident page.

1. Rerun Hijackthis (scan only) and place checks beside the following entries
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log
Posted Image
Microsoft MVP - Windows Security

#11 ghowitt

ghowitt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 17 June 2008 - 04:32 PM

The folowing entry did not appear so could not delete.

O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup

See new log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:18, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.arabtrust.org.uk/multimedia/bac...ds/arab_thb.gif
O24 - Desktop Component 1: (no name) - http://www.arabtrust.org.uk/multimedia/bac...s/arab_1024.jpg

--
End of file - 11660 bytes

#12 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 18 June 2008 - 09:20 AM

ghowitt

Good work. :thumbsup:

How's your PC running now?
Posted Image
Microsoft MVP - Windows Security

#13 ghowitt

ghowitt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 19 June 2008 - 03:49 PM

Looking good. Thanks very much

Do I re-enable teatimer?

#14 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 20 June 2008 - 02:25 PM

gowhitt

You are most welcome.

Do I re-enable teatimer?


Yes you should

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:
Disable and Enable System RestoreLets create a clean System Restore point
the instructions are here
Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basisTo a disc or a USB key, not your Hardrive
You may want to read this article"So how did I get infected in the first place" by Tony Klein

surf safe
Posted Image
Microsoft MVP - Windows Security




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users