Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

How can I remove traces of adware from the registry?

Post by batfink » October 24th, 2006, 7:43 am

Within the last week I have run Kaspersky and AVG Anti-Spyware to clean up my pc after getting a virus (setup_toolBar.exe) that Norton couldn't remove. In actual fact Kaspersky and AVG detected several viruses that had been present on my pc since 2002 (despite having Norton Anti-Virus installed and fully up-to-date with virus definitions since I bought the pc in 2002). AVG successfully removed these and this was confirmed by my last Kaspersky log. AVG did flag 2 adware traces in the registry but I don't know how to get rid of these. Can you help me remove these please?

I consider myself to be very security conscious and try to protect my pc as best as I can. Having found that Norton hasn't detected some viruses on my pc, I have lost faith in it now and would like some guidance from you on what programs I should use to protect myself. Thanks.
batfink
Active Member
 
Posts: 10
Joined: October 23rd, 2006, 7:38 am
Location: Cambs

Re: How can I remove traces of adware from the registry?

Post by Navigator » October 24th, 2006, 10:22 am

batfink wrote: Within the last week I have run Kaspersky and AVG Anti-Spyware to clean up my pc after getting a virus (setup_toolBar.exe) that Norton couldn't remove. In actual fact Kaspersky and AVG detected several viruses that had been present on my pc since 2002 (despite having Norton Anti-Virus installed and fully up-to-date with virus definitions since I bought the pc in 2002). AVG successfully removed these and this was confirmed by my last Kaspersky log. AVG did flag 2 adware traces in the registry but I don't know how to get rid of these. Can you help me remove these please?


Possibly...but we'd need all the information you have as to the location of the registry entries or else have to do a search. Sometimes stray registry entries located by security programs cause no problems, so it is not imperative that they be removed...more on this later.

batfink wrote: I consider myself to be very security conscious and try to protect my pc as best as I can. Having found that Norton hasn't detected some viruses on my pc, I have lost faith in it now and would like some guidance from you on what programs I should use to protect myself. Thanks.


That's good! After we are sure your computer is 'clean' we can go through other options for AV/security programs if you are dissatisfied with Norton. I will caution you though...occasionally removing malware is easier than removing a Symantec security product from your system (only half-kidding)...

I never like to assume anything, so let's start from scratch and make sure your system is really 'clean' except for those registry entries:

Please do this:

Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop
  • By default it will install to C:\Program Files\Hijack This
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again. Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit>Select All; then click on Edit>Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Re: How can I remove traces of adware from the registry?

Post by batfink » October 24th, 2006, 1:50 pm

Here is my Hijack This log as requested...

Logfile of HijackThis v1.99.1
Scan saved at 18:45:40, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Basic\Search Bar.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat 1.3 - http://cs8.chat.sc5.yahoo.com/c174/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... _v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75EB6A7F-2522-4E01-B3D0-83CCF3CECC48}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E26C63E-5257-48CE-B6D2-AC579F71F35E}: NameServer = 192.168.1.1
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
batfink
Active Member
 
Posts: 10
Joined: October 23rd, 2006, 7:38 am
Location: Cambs
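
As an added example (not part of the original thread and not HijackThis's own code), this is one way a helper could load a HijackThis log like the one above into a structure, count entries per section, and queue a few items for manual lookup. The sample is an excerpt of the log posted in this thread; the two lookup rules (autostart commands given as a bare file name, ActiveX codebases hosted on a raw IP address) are illustrative assumptions and a to-do list for the reviewer, not a verdict on any entry.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlparse

# Section codes that occur in the log posted above, with their usual meaning.
SECTION_MEANING = {
    "R0": "Internet Explorer start/search page value",
    "R1": "Internet Explorer search/other page value",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O12": "Internet Explorer plugin",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O17": "DNS / name server setting",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of a registry autostart line: HKLM\..\Run: [Name] command
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Excerpt of the log from this thread, shortened for the example.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:45:40, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O16 - DPF: Yahoo! Chat 1.3 - http://cs8.chat.sc5.yahoo.com/c174/chat.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and entries."""
    log = {"header": {}, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            log["entries"].append((m["code"], m["body"]))
        elif in_processes:
            log["processes"].append(line)
        elif ": " in line:                # e.g. "Platform: Windows XP SP2 ..."
            key, _, value = line.partition(": ")
            log["header"][key] = value
    return log


def first_token(cmd):
    """Executable part of a command line, honouring a leading quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0]


def section_counts(log):
    """Number of entries per HijackThis section code."""
    return Counter(code for code, _ in log["entries"])


def review_queue(log):
    """Entries a helper would look up by hand (assumed rules, see lead-in)."""
    queue = []
    for code, body in log["entries"]:
        if code == "O4":
            m = RUN_RE.match(body)
            if m and "\\" not in first_token(m["cmd"]):
                queue.append((code, m["name"], "bare file name, resolved via the search path"))
        elif code == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            try:
                ipaddress.ip_address(host)
            except ValueError:
                continue                  # a host name, not an IP literal
            queue.append((code, host, "codebase hosted on a raw IP address"))
    return queue


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for code, n in section_counts(parsed).items():
        print(f"{code:>3} x{n}  {SECTION_MEANING.get(code, 'other')}")
    for item in review_queue(parsed):
        print("look up:", *item)
```
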

Post by Navigator » October 24th, 2006, 2:19 pm

Great batfink....that HJT log appears 'clean'.

Can you give me the AVG log where it listed the adware registry entries? I believe there is a log storage component with AVG/Ewido, so look for it and post it here if you can.

Also, let's do this online scan to see what information it reveals about any registry entries:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


We may need to dig a bit deeper, but this is a good starting point...
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by batfink » October 25th, 2006, 2:43 pm

Hi Navigator,

Many thanks for your quick reply. Below is the AVG log you requested. I will post the Panda scan log as soon as it finishes.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:25:38 19/10/2006

+ Scan result:



HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.109:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.110:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.166:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.167:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.53:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.54:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.83:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Darren\Cookies\darren@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.168:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.169:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.170:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Darren\Cookies\darren@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Darren\Cookies\darren@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.55:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.81:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Darren\Cookies\darren@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.14:C:\Documents and Settings\Darren\Application Data\Mozilla\Firefox\Profiles\mku4f4mt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.31:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.34:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.45:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Darren\Cookies\darren@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mark\Cookies\mark@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.82:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Darren\Cookies\darren@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.38:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.80:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.131:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.132:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.186:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.255:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.189:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.190:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.258:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.259:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mark\Cookies\mark@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.12:C:\Documents and Settings\Darren\Application Data\Mozilla\Firefox\Profiles\mku4f4mt.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.39:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Darren\Cookies\darren@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.194:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.263:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.203:C:\Documents and Settings\Darren\Application Data\Phoenix\Profiles\default\d38xvf3q.slt\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.164:C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
::Report end
:( :(

Post by batfink » October 25th, 2006, 4:42 pm

Navigator, below is Panda's ActiveScan Log (completed at 21.30 25 Oct 06).

I have no idea how to interpret any of this but I can see some references to Kazaa. If possible I would like to remove all traces of this. I only used it briefly and then uninstalled it maybe 2 years ago. I have no need for it now.

Grateful for your advice on what this means..... :)


Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Adware:adware/cws Not disinfected C:\Documents and Settings\Mark\Favorites\Health
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Darren\Cookies\darren@c3.gostats[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Darren\Cookies\darren@ccbill[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Darren\Cookies\darren@gostats[2].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Darren\Cookies\darren@outster[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Darren\Cookies\darren@xmts[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt[.belnk.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\h3oi2x3u.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt[.xiti.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Mark\Application Data\Phoenix\Profiles\default\fmxqr307.slt\cookies.txt[hc2.humanclick.com/hc/54491665]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Mark\Cookies\mark@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Mark\Cookies\mark@desktop.kazaa[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mark\Cookies\mark@go[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Mark\Cookies\mark@outster[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Mark\Cookies\mark@rn11[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mark\Cookies\mark@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Mark\Cookies\mark@xmts[1].txt

Post by Navigator » October 25th, 2006, 6:42 pm

batfink wrote: Navigator, below is Panda's ActiveScan Log (completed at 21.30 25 Oct 06).

I have no idea how to interpret any of this but I can see some references to Kazaa. If possible I would like to remove all traces of this. I only used it briefly and then uninstalled it maybe 2 years ago. I have no need for it now.

Grateful for your advice on what this means..... :)



You are welcome...

The only Kazaa references I see in those logs are some cookies which are relatively harmless, and we'll delete/remove them in a minute. In fact, most of what is contained in the scans are cookies...

AVG/Ewido cleaned all it found (including three registry entries), you can 'remove' the quarantined entries by clicking the "Quarantine" tab, choose "Select All" and click "Remove finally". ...

The only registry entries I see from Panda are these two:

Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}


They appear to be strays, but we can remove them if you'd like. I do not see the 'two adware registry entries' you mentioned that weren't cleaned from the AVG scan (your original post).

Let's clean out the cookies and temp files, and then remove those registry entries:

1. Clear IE's Cookies and Cache

  • Close all instances of Outlook Express and Internet Explorer.
  • Go to Control Panel » Internet Options » General tab.
  • Click Delete Cookies.
  • Next to it, Click the Delete Files button.
  • When prompted, place a check in: Delete all offline content, click OK.

Clear Firefox's Cookies

  • Open Firefox.
  • Click Tools » Options.
  • Click the Privacy tab, then the Cookies tab.
  • Click the Clear Cookies Now button.
  • Then click OK to exit.

Clean Temporary Files

  • Go to Start » Run » type: cleanmgr » OK.
  • Choose (C: ) and then click OK.
  • Make sure these are the only ones that are checked:

    • Temporary Internet Files
    • Temporary Files
    • Recycle Bin
  • Click OK to remove them.
  • Click Yes to confirm the deletion.

2. Please do this:
  • Copy the contents of the Quote Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop

REGEDIT4

[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM]
[-HKEY_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear the registry entries left behind by the malware.

3. Let me know how your computer is running and if you are having any problems...I don't think you'll be having any as the HJT log is clean and the scans we've done are relatively clean also.
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
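Before merging a file like fix.reg, it helps to see exactly which keys it will delete and whether it follows the two formatting rules given in the post above. The sketch below is an added example, not part of the original post or of any tool named in this thread; `preview_reg`, `MIN_DELETE_DEPTH` and the depth heuristic are assumptions made for illustration, and "one blank line at the end" is read as "the last entry is followed by a line break".

```python
import re

# Header lines regedit accepts: the old REGEDIT4 format and the 5.00 format.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
SECTION = re.compile(r"^\[(-?)([^\]]+)\]$")            # [key] or [-key]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data
MIN_DELETE_DEPTH = 3  # assumption: a [-key] shallower than this is suspicious

# The file content from the post above, copied as posted.
PAGE_FIX_REG = r"""REGEDIT4

[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM]
[-HKEY_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}]

"""


def preview_reg(text):
    """Return what a .reg file would delete or set, plus formatting problems."""
    text = text.replace("\r\n", "\n")
    lines = text.split("\n")
    report = {"problems": [], "delete_keys": [],
              "delete_values": [], "set_values": []}
    problems = report["problems"]

    # Rule 1 from the post: nothing may come before the header.
    if lines[0].strip() not in HEADERS:
        problems.append("line 1 is not a .reg header")
    # Rule 2 from the post: the last entry must be followed by a line break.
    if not text.endswith("\n"):
        problems.append("last entry is not followed by a line break")

    current = None      # key section that value lines belong to
    continued = False   # inside a multi-line value (previous line ended in \)
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if continued:
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";"):
            continue  # blank line or comment
        section = SECTION.match(line)
        if section:
            deleting, key = section.group(1) == "-", section.group(2)
            parts = key.split("\\")
            if parts[0].upper() not in ROOTS:
                problems.append(f"line {number}: unknown root key {parts[0]!r}")
            if deleting:
                # Deleting a key removes every subkey and value beneath it.
                report["delete_keys"].append(key)
                if len(parts) < MIN_DELETE_DEPTH:
                    problems.append(
                        f"line {number}: deletes a whole top-level branch: {key}")
                current = None
            else:
                current = key
            continue
        value = VALUE.match(line)
        if value and current is not None:
            name = "(Default)" if value.group(1) == "@" else value.group(1)[1:-1]
            data = value.group(2).strip()
            bucket = "delete_values" if data == "-" else "set_values"
            report[bucket].append((current, name))
            continued = data.endswith("\\")
        else:
            problems.append(f"line {number}: not understood: {line!r}")
    return report


if __name__ == "__main__":
    result = preview_reg(PAGE_FIX_REG)
    for key in result["delete_keys"]:
        print("will delete key:", key)
    for problem in result["problems"]:
        print("problem:", problem)
```

Exporting the listed keys first (regedit's File » Export on each key) gives a way back if a deletion turns out to be wrong.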

Post by batfink » October 30th, 2006, 5:22 pm

I have just carried out your latest instructions and will post back in a day or so and let you know how the pc is. Many thanks.

Post by batfink » November 1st, 2006, 4:50 pm

Navigator,

The PC appears to be functioning perfectly well since I carried out your last set of instructions. If we're done with cleaning it up, can you help me with going through other options for AV/security programs as I don't want to renew my subscription to Norton (which expires on 3rd December).

Just so you are aware, I have a dial-up internet connection so any online scanners can take me 2 or more hours to download the virus definitions and then run the scan. If there are programs to be downloaded, I use my work's broadband connection and save the files to my usb flash drive.

AVG Anti-Spyware and Trojan Hunter which are currently installed are in the 30 day trial period so that will end soon.

If you could also give me advice on how to remove Norton (as much as possible) I'd be really grateful. Although from your first post, it sounds like this is REALLY difficult.

Post by whisperer » November 1st, 2006, 5:24 pm

Hi Batfink,

Navigator is away for the week and I promised to keep an eye on his threads for him, if you wish I will give you some guidance on protection and Norton removal.

If you wish to wait for Navigator to return then he could be back on line again on Saturday.

Best wishes

GT :thumbup:
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Post by batfink » November 1st, 2006, 7:05 pm

Hi Whisperer,

I will happily accept your offer of help. Thank you. :)

Post by whisperer » November 2nd, 2006, 6:13 am

batfink,

One final check please. Please forward an up-to-date copy of HijackThis so that I may confirm that it is as clean as the original.

GT :thumbup:

Post by batfink » November 2nd, 2006, 5:56 pm

whisperer,

Here is an up-to-date HijackThis log you requested. I really appreciate your help with this :)

Logfile of HijackThis v1.99.1
Scan saved at 21:27:29, on 02/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Basic\Search Bar.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat 1.3 - http://cs8.chat.sc5.yahoo.com/c174/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... _v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75EB6A7F-2522-4E01-B3D0-83CCF3CECC48}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E26C63E-5257-48CE-B6D2-AC579F71F35E}: NameServer = 192.168.1.1
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
batfink
Active Member
 
Posts: 10
Joined: October 23rd, 2006, 7:38 am
Location: Cambs

Unread postby whisperer » November 2nd, 2006, 6:13 pm

Hi Batfink,

Well done, your computer appears to still be clean. Just a tidy up required. First we make sure that any files in a System Restore point cannot re-infect your computer by removing all old system restore points.
  a. Select the Start button and from the available options right-click the My Computer option and select Properties.
  b. Click on the System Restore tab.
  c. Check the box against Turn off System Restore on all drives. Click OK.
  d. Click Yes to confirm, then restart the computer.
  e. After the restart, re-enable System Restore by following steps a-c, but in step c, click to clear the Turn off System Restore on all drives check box.

Preventative measures

The following recommendations are a modified post where I have removed elements that I know that you already have. I have retained those that I am uncertain about.

  1. Firstly, make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  2. You might consider switching your Browser to Firefox as it is less susceptible to attack
  3. Please download the following 2 free complementary programmes. These should be run at least once every two weeks after updating.
    • Spybot S & D scans for spyware and other malicious programs. Spybot has preventative tools that stop programs from even installing on your computer. A tutorial can be found here
    • AdAware scans for known spyware on your computer. A tutorial can be found here
  4. In addition I would suggest that you install the following 3 free programs, keep these updated as they are background tools
    1. SpywareBlaster - will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial can be found here
    2. SpywareGuard - provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method; it scans files before you open them and prevents execution if spyware is detected. It also features Download Protection and Browser Hijacking Protection. A tutorial can be found here
    3. IE-SpyAd puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. A tutorial is available here
  5. A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. A tutorial can be found at http://www.mvps.org/winhelp2002/hosts.htm which has the MVPS Hosts File on site. Furthermore the website contains useful tips and links to other resources and utilities.

    Bluetack's Hosts File and Hosts Manager - contains most if not all the known spyware sites, sites responsible for hijacks, rogue applications etc... Download Bluetack's Hosts file here and the Hosts Manager here
  6. WinPatrol - uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files. You can read more about it here with a download from here
  7. Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware". You will find the list here
  8. You have intimated that you wish to change your AntiVirus programme, as with a Firewall, this is an essential element in your protection against Malware. Go to AVG, scroll to the bottom of the page and download the free programme.
  9. Windows Updates – It is very important to ensure that Internet Explorer and Windows are kept up to date with the latest critical security patches from Microsoft. Click on the Start button and select Windows Update, follow the online instructions from there.
  10. In a similar vein do ensure that all of your Anti-Virus and Anti-Malware software are also kept up to date.


Next post will be for action when you decide to totally remove Nortons

GT :thumbup:
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall
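How the HOSTS-file blocking described in item 5 of the post above decides which names are cut off, as an added example that is not part of whisperer's post. The sample entries are constructed placeholders, and treating 0.0.0.0 the same as 127.0.0.1 goes beyond what the post states.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; every name below is a placeholder.
SAMPLE_HOSTS = """\
# blocking list (constructed sample)
127.0.0.1    localhost
127.0.0.1    ads.example.net tracker.example.net   # two names on one line
0.0.0.0      Popups.Example.org
192.168.1.1  router.home
not-an-ip    broken.example.com
"""

def parse_hosts(text):
    """Return {hostname: address}; this sketch keeps the first entry for a name."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()       # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                 # skip lines with no valid address
        for name in fields[1:]:
            table.setdefault(name.lower(), address)  # host names are case-insensitive
    return table

def is_blocked(table, hostname):
    """True when the exact name is pinned to loopback or to 0.0.0.0."""
    name = hostname.lower().rstrip(".")
    address = table.get(name)
    if address is None or name == "localhost":
        return False
    return address.is_loopback or address.is_unspecified

def audit(table):
    """Return (blocked names, names sent to some other address), both sorted."""
    blocked = sorted(n for n in table if is_blocked(table, n))
    other = sorted(n for n, a in table.items()
                   if n != "localhost" and not (a.is_loopback or a.is_unspecified))
    return blocked, other
```

A HOSTS entry matches only the exact name, so `www.ads.example.net` is not covered by the `ads.example.net` line. Names that `audit` returns in its second list point at a real address rather than the local machine and are worth reviewing by hand.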

Unread postby whisperer » November 2nd, 2006, 6:19 pm

I suggest that you do an uninstall of the Nortons first then follow up with these steps although this will remove them anyway.

Completely Remove Symantec Products

If this is the situation you find yourself in, or if you are planning to upgrade your Norton product, use the instructions below to completely remove all Norton (Symantec) products from your computer.

Note: Following the directions below will remove ALL of the listed Norton and Symantec products from your computer. If you have multiple Norton or Symantec products on your computer that are listed below, and you do not want ALL of them removed, seek the help of a professional computer repair service centre OR have the re-installation disks available.

These instructions will remove ALL of the following Symantec Norton programs from your computer.
    Symantec Norton Antivirus 2004/2005/2006
    Symantec Norton Antivirus 3, 5 and 10 User Pack 2004/2005/2006
    Symantec Norton GoBack 3.1/3.5/3.6/4.0/4.1
    Symantec Norton SystemWorks 2004 Professional Edition
    Symantec Norton SystemWorks 2005/2006 Premier
    Symantec Norton SystemWorks 2004/2005/2006
    Symantec Norton SystemWorks 2006 Basic Edition
    Symantec Norton Password Manager 2004
    Symantec Norton Internet Security 2004/2005/2006
    Symantec Norton Internet Security 5 and 10 User Pack 2004/2005/2006
    Symantec Norton Internet Security 2005 AntiSpyware Edition 8.2
    Symantec Norton Personal Firewall 2004/2005/2006
    Symantec Norton AntiSpam 2004/2005
    Symantec Norton Ghost 2003/9.0/10.0
Once you are certain that you want to completely remove all Symantec Norton products from your computer, you need to download the Symantec Norton removal tool here and save to your Desktop. This is a tool designed by Symantec to save users who are caught in no man's land. It simply looks for, and removes all Norton files and registry entries that could cause a problem with your new installation.

Note: Please either print these instructions, or save them in a Notepad file on your desktop before you continue. You will need to restart your computer numerous times to complete this process, and when you do so, this window will close.

Now open the Symantec Norton removal tool (SYMNRT.exe) file that you saved on your Windows desktop. Follow the on-screen instructions. The program will ask you to enter a code to ensure that you are a human and not an automated program. Once you have correctly entered the code, the program will proceed to remove all Symantec Norton programs from your computer.

After the SYMNRT.exe program has completed its processes, you should be asked to restart. Although the program does not ask you to do so, it has been found that a second restart is sometimes required for all files to be removed completely; please reboot one more time.

You can now delete the Symantec Norton removal tool file from your desktop if you wish. To do this, right-click on SYMNRT.exe file, and then click delete. Click Yes to confirm the deletion.

Now you need to check for some folders that may have not been automatically removed. Open Windows Explorer and navigate to the C:\Program Files folder and delete any of the following folders that are present:
    Symantec Norton Antivirus
    Symantec Norton Internet Security
    Symantec Norton SystemWorks
    Symantec Norton Personal Firewall

Last but not least, you need to download and run one final file. In some cases, older Symantec files may survive the Symantec Norton removal tool cleanup.

To eliminate these files for Internet Explorer users, download the Symantec Norton MSI cleanup file SYMMSICLEANUP.reg here and save it to your desktop; if you use the Firefox browser, you will need to download a different file to accomplish this task. Firefox users, please download this file

Double click on the file to run it and click Yes to any security warnings that appear.

All that's left is one last restart and you should be clean.
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall