Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

problems with trojans and other stuff...help please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

problems with trojans and other stuff...help please

Unread postby footsteps » May 16th, 2006, 2:12 pm

hello, my brother told me about your site and how good it is, could you please check the following logs for me....thankyou.

Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:55:44, on 16/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ip.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\iPod Updater 2005-09-23\iPod\bin\iPodService.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\kaylee\Desktop\ANTIVIRUS SPYWARE REMOVERS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... Co3f4rAiGi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [iProtectYou] "C:\WINDOWS\system32\ip.exe" -h
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: palstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'ipsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5003FC82-131F-4DC4-AC82-0C51F05A3C48}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\iPod Updater 2005-09-23\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Ewido log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:50:55, 16/05/2006
+ Report-Checksum: 73AE5C56

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{D5A5A2C7-7C4C-4a60-B507-B62932CE6ADD} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D5A5A2C7-7C4C-4a60-B507-B62932CE6ADD} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-3368898889-3369890766-93709836-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-3368898889-3369890766-93709836-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup
HKU\S-1-5-21-3368898889-3369890766-93709836-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5A5A2C7-7C4C-4A60-B507-B62932CE6ADD} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Cookies\christopher@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Cookies\christopher@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER\Local Settings\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@e-2dj6wgkouhcjgap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\christopher the best\Cookies\christopher the best@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\christopher the best\Local Settings\Temp\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Cookies\christopher@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Cookies\christopher@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Cookies\christopher@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Cookies\christopher@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE\Cookies\christopher@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Tem28.tmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Tem86.tmp -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@propertyfinderltd.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@tourismaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@www.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.000\Cookies\christopher@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.9:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.19:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.67:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.68:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.70:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.77:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.79:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.101:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
:mozilla.147:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.148:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.168:C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Mozilla\Firefox\Profiles\xn31j4t1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\JokeSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\JokeSearch\JokeSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Pranks -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Pranks\PranksOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Pranks\PranksOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Recipes -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Recipes\RecipesOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Recipes\RecipesOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SearchMatch\searchMatchPages -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@adtech[1].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@daredigital.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\CHRISTOPHER.GEORGE.001\Cookies\christopher@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documen
footsteps
Regular Member
 
Posts: 31
Joined: May 16th, 2006, 2:04 pm
Location: Midlands
Top
Advertisement
Register to Remove

Unread postby titan9 » May 16th, 2006, 4:19 pm

Hi :wave:

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an expert. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
User avatar
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan
Top

Unread postby titan9 » May 16th, 2006, 7:32 pm

Hi again, Footsteps. Before we do anything, we must first disable Spybot's TeaTimer. To do this:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Now that we've done that, let's move on. A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

  1. Please download LSPFix from here.
  2. Disconnect from the internet and run the LSPFix.exe that you have just finished downloading.
  3. Check the I know what I'm doing box.
  4. In the Keep box you should see one or more instances of ipsp.dll
  5. Select every instance of ipsp.dll and move each one to the Remove box by clicking the >> button.
  6. When you are done click Finish>>.


Reboot your PC and post a fresh HJT log. :)

NOTE: If you intentionally installed a filter called "iProtectYou", you can ignore the above instructions and reply back saying you installed it. We will then proceed to the next part of the fix.
User avatar
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan
Top

Unread postby footsteps » May 17th, 2006, 3:51 am

hello titan9 thankyou for answering so promptly, I'm on another pc at the moment but I'd like to ask a question.

The iProtectYou program was put on sometime ago, its like a Net Nanny and I'd like to remove it (my wife gave the kids the password). But I cannot uninstall it because it keeps asking for the password which we now cannot remember or its been altered.

Is there any way we can get rid of it? Add/remove programes does not work.

Will LSP fix get rid of it?

I'll be able to shutdown Teatimer when I get home from work.

Thanks
footsteps
Regular Member
 
Posts: 31
Joined: May 16th, 2006, 2:04 pm
Location: Midlands
Top

Unread postby titan9 » May 17th, 2006, 8:35 am

LSP fix should stop it from working on the net. After you run the fix, we'll get rid of the rest of iProtectYou manually.
User avatar
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan
Top

Unread postby footsteps » May 20th, 2006, 8:28 am

hi titan9 sorry for the delay in re-plying work has kept me away from the computer. when i ran LSP it found one ipsp.dll wich i removed.

here is my new hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 13:17:01, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\ip.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\iPod Updater 2005-09-23\iPod\bin\iPodService.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\kaylee\My Documents\hyjack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... Co3f4rAiGi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [iProtectYou] "C:\WINDOWS\system32\ip.exe" -h
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: palstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\iPod Updater 2005-09-23\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thank you
footsteps
Regular Member
 
Posts: 31
Joined: May 16th, 2006, 2:04 pm
Location: Midlands
Top

Unread postby titan9 » May 23rd, 2006, 11:07 pm

Hi again, footsteps. Sorry for the delay in response. I have looked over your log and there are some things you should definitely fix. There is also one optional thing, a toolbar called Eyetide. If you did not intentionally download this, it is in your best interest to uninstall it. I have included optional instructions below to uninstall Eyetide. Note the lines in HJT. If you intend to uninstall Eyetide, select the lines in HJT. If not, don't select them.

Please go here to read the Eyetide privacy policy.

Please download the Killbox.
Unzip it to the desktop.

Next, open HJT and select the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... Co3f4rAiGi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: ShowBarObj Class - {43AE45CB-DDA7-454B-9650-93A4C090BDB8} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll <--------------Optional
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Program Files\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll <--------------Optional
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iProtectYou] "C:\WINDOWS\system32\ip.exe" -h

Press "Fix". Close HJT.
-------------------------------------------

Next, double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following lines (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ip.exe

Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
------------------------------------------

If you wish to uninstall Eyetide, please go to start>settings>control panel>add/remove programs and remove the following:
Eyetide Media Toolbar

-----------------------------------------

Reboot your PC and post a fresh HJT log.
User avatar
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan
Top

Unread postby footsteps » May 25th, 2006, 12:01 pm

hi titan9, I've deleted what you asked from Hijackthis log and Killbox. I've also uninstalled Eyetide via add/remove programs.

here's my latest hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:55:17, on 25/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\iPod Updater 2005-09-23\iPod\bin\iPodService.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\kaylee\My Documents\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: palstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5003FC82-131F-4DC4-AC82-0C51F05A3C48}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\iPod Updater 2005-09-23\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

has iprotectyou now gone? Can I safely internet bank ?

Thanks Dave :)
footsteps
Regular Member
 
Posts: 31
Joined: May 16th, 2006, 2:04 pm
Location: Midlands
Top

Unread postby titan9 » May 26th, 2006, 10:59 am

Without checking with an expert, I can't say for sure that it is gone. But it does appear that way. I'm going to check with an expert on that. I'll be gone until Monday, so my next response won't be posted until then.

Thanks for your patience! :)
User avatar
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan
Top

Unread postby footsteps » May 27th, 2006, 3:20 am

Hi titan9, I'm happy too wait. Have a great weekend. :lol:

Dave
footsteps
Regular Member
 
Posts: 31
Joined: May 16th, 2006, 2:04 pm
Location: Midlands
Top

Unread postby titan9 » May 29th, 2006, 8:53 pm

Hi again, Dave. After checking with an expert, it does appear that iProtectYou is gone from your PC. However, our work is not done yet. Let's now get rid of a trojan present on your PC.

Open HJT and with all browser windows closed, select the following line:

O4 - Global Startup: palstart.exe

Press "Fix".

-------------------------------------

Now, double-click Killbox.exe(on your desktop) to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

Reboot your PC and post a fresh HJT log. :)
User avatar
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan
Top

Unread postby footsteps » June 13th, 2006, 11:46 am

Hello titan9, first of all I must humbly appologise for not getting back to you sooner. Currently I am unable to get onto my pc for a while (I'm typing this on my brothers).

Could you please leave my posting open and I will endevour to get on my pc asap.

Thankyou for your help,

dave
footsteps
Regular Member
 
Posts: 31
Joined: May 16th, 2006, 2:04 pm
Location: Midlands
Top

Unread postby titan9 » June 13th, 2006, 5:49 pm

Sure thing. :)
User avatar
titan9
Regular Member
 
Posts: 451
Joined: January 17th, 2006, 3:01 pm
Location: Michigan
Top

Unread postby 'KotaGuy » July 11th, 2006, 6:02 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 135 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index