[Closed] Suspected malware or virus

Hijack log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:08:02, on 22/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/start?.pd=l=anthonygodfrey11@btinternet.com&c=K1gXhD2p2e7uH.80E1C6CGax
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNjg4NjgxMTE5LVZJUCsxLVNQMSsxLUZMMTArMS1YTzEwKzExLVRVRyszLUREVCsxNjE1MC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzE"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} (DynamicWebTwain Class) - https://xchecker.reed.co.uk/Scanning/DynamicWebTwain.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KKSJF - Unknown owner - D:\DOCUME~1\Owner\LOCALS~1\Temp\KKSJF.exe (file missing)
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9880 bytes
 
SAS log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/22/2011 at 12:29 PM

Application Version : 5.0.1134

Core Rules Database Version : 7837
Trace Rules Database Version: 5649

Scan type : Complete Scan
Total Scan Time : 00:40:48

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 39008
Registry threats detected : 4
File items scanned : 38445
File threats detected : 392

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=287&q={searchTerms} ]
HKU\S-1-5-19_Classes\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=287&q={searchTerms} ]
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=287&q={searchTerms} ]
HKU\S-1-5-20_Classes\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=287&q={searchTerms} ]

Adware.Tracking Cookie
D:\Documents and Settings\Owner\Cookies\owner@int.sitestat[1].txt [ /int.sitestat.com ]
D:\Documents and Settings\Owner\Cookies\O0KEW3PJ.txt [ /www.cellartracker.com ]
D:\Documents and Settings\Owner\Cookies\owner@estat[1].txt [ /estat.com ]
D:\Documents and Settings\Owner\Cookies\EZRS8JOC.txt [ /bigentertainmentfinder.com ]
D:\Documents and Settings\Owner\Cookies\owner@fr.sitestat[2].txt [ /fr.sitestat.com ]
D:\Documents and Settings\Owner\Cookies\I8BHWD5B.txt [ /statcounter.com ]
D:\Documents and Settings\Owner\Cookies\U2X4LIB0.txt [ /2o7.net ]
D:\Documents and Settings\Owner\Cookies\1B29YIPY.txt [ /mm.chitika.net ]
D:\Documents and Settings\Owner\Cookies\I1T701X7.txt [ /zedo.com ]
D:\Documents and Settings\Owner\Cookies\4AV0GZ10.txt [ /ads.freeads.co.uk ]
D:\Documents and Settings\Owner\Cookies\3IQFDOYW.txt [ /lucidmedia.com ]
D:\Documents and Settings\Owner\Cookies\QLLL9S2M.txt [ /fastclick.net ]
D:\Documents and Settings\Owner\Cookies\KFR97XEE.txt [ /stat.dealtime.com ]
D:\Documents and Settings\Owner\Cookies\AAMUWIPG.txt [ /legolas-media.com ]
D:\Documents and Settings\Owner\Cookies\R880IM7P.txt [ /adform.net ]
D:\Documents and Settings\Owner\Cookies\8H2DPK3L.txt [ /adserver.adtechus.com ]
D:\Documents and Settings\Owner\Cookies\owner@fr.sitestat[1].txt [ /fr.sitestat.com ]
D:\Documents and Settings\Owner\Cookies\EX2J47H5.txt [ /richmedia.yahoo.com ]
D:\Documents and Settings\Owner\Cookies\2QZRDAG5.txt [ /18virginsex.com ]
D:\Documents and Settings\Owner\Cookies\AEB2LMT2.txt [ /trafficmp.com ]
D:\Documents and Settings\Owner\Cookies\E5NOZQPZ.txt [ /www.burstnet.com ]
D:\Documents and Settings\Owner\Cookies\QYDNMC2P.txt [ /stats.paypal.com ]
D:\Documents and Settings\Owner\Cookies\4R4966TC.txt [ /overture.com ]
D:\Documents and Settings\Owner\Cookies\D67IBLWZ.txt [ /tacoda.at.atwola.com ]
D:\Documents and Settings\Owner\Cookies\L4CIC2DA.txt [ /myroitracking.com ]
D:\Documents and Settings\Owner\Cookies\FO4FPGPJ.txt [ /e-2dj6whkoaiajsgq.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\NB2Z0B58.txt [ /find-girlfriend.net ]
D:\Documents and Settings\Owner\Cookies\owner@uk.sitestat[2].txt [ /uk.sitestat.com ]
D:\Documents and Settings\Owner\Cookies\STXB8CJ9.txt [ /bizzclick.com ]
D:\Documents and Settings\Owner\Cookies\RDP6H6DS.txt [ /server.iad.liveperson.net ]
D:\Documents and Settings\Owner\Cookies\FPBX1UVO.txt [ /ads.undertone.com ]
D:\Documents and Settings\Owner\Cookies\5O5SOV2C.txt [ /track.adform.net ]
D:\Documents and Settings\Owner\Cookies\3EZKO0SS.txt [ /advertise.com ]
D:\Documents and Settings\Owner\Cookies\WCUI0Y0N.txt [ /dealtime.co.uk ]
D:\Documents and Settings\Owner\Cookies\OMQNLR5G.txt [ /viewablemedia.net ]
D:\Documents and Settings\Owner\Cookies\5KA9AJRN.txt [ /stats.ilivid.com ]
D:\Documents and Settings\Owner\Cookies\ST8SR7QS.txt [ /ad3.adfarm1.adition.com ]
D:\Documents and Settings\Owner\Cookies\CVZ2EKQ4.txt [ /tacoda.net ]
D:\Documents and Settings\Owner\Cookies\A2Z7N5MA.txt [ /cellartracker.com ]
D:\Documents and Settings\Owner\Cookies\KWLW34F8.txt [ /nextag.co.uk ]
D:\Documents and Settings\Owner\Cookies\V8HPLH9T.txt [ /clicksor.com ]
D:\Documents and Settings\Owner\Cookies\CVQUKVWL.txt [ /newlook.112.2o7.net ]
D:\Documents and Settings\Owner\Cookies\K3KXR942.txt [ /clickbank.net ]
D:\Documents and Settings\Owner\Cookies\SOCZQR5V.txt [ /e-2dj6wfl4aiajelo.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\owner@yahooads.valuead[1].txt [ /yahooads.valuead.com ]
D:\Documents and Settings\Owner\Cookies\XOR3H6NA.txt [ /interclick.com ]
D:\Documents and Settings\Owner\Cookies\T05EDSJ4.txt [ /click01.mivaadcenter.com ]
D:\Documents and Settings\Owner\Cookies\MFQFMHM8.txt [ /bridge1.admarketplace.net ]
D:\Documents and Settings\Owner\Cookies\B2FRUP3L.txt [ /accounts.google.com ]
D:\Documents and Settings\Owner\Cookies\0HFDA2W6.txt [ /liveperson.net ]
D:\Documents and Settings\Owner\Cookies\YXROUA7C.txt [ /e-2dj6wnkyeiajklo.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\GWUXRBKO.txt [ /burstnet.com ]
D:\Documents and Settings\Owner\Cookies\BWB4DCS1.txt [ /a.revenuemax.de ]
D:\Documents and Settings\Owner\Cookies\CY8II3PR.txt [ /h.atdmt.com ]
D:\Documents and Settings\Owner\Cookies\CZPD7M57.txt [ /liveperson.net ]
D:\Documents and Settings\Owner\Cookies\JPDSVRFW.txt [ /bubblestat.com ]
D:\Documents and Settings\Owner\Cookies\21ADQQL9.txt [ /clickaider.com ]
D:\Documents and Settings\Owner\Cookies\B6EH8VV3.txt [ /matalan.122.2o7.net ]
D:\Documents and Settings\Owner\Cookies\U1291FSL.txt [ /r1-ads.ace.advertising.com ]
D:\Documents and Settings\Owner\Cookies\WJ2HSXP1.txt [ /www.googleadservices.com ]
D:\Documents and Settings\Owner\Cookies\CUAKSPTP.txt [ /amazon-adsystem.com ]
D:\Documents and Settings\Owner\Cookies\YU2CA3ZI.txt [ /ads.nvivo.es ]
D:\Documents and Settings\Owner\Cookies\048MKBYN.txt [ /e-2dj6wfk4cmcjgco.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\LK5VVRZJ.txt [ /www.adultphonechat.co.uk ]
D:\Documents and Settings\Owner\Cookies\KINNZGJZ.txt [ /tradefx.advertserve.com ]
D:\Documents and Settings\Owner\Cookies\YFJG8OCO.txt [ /adfarm1.adition.com ]
D:\Documents and Settings\Owner\Cookies\Y90EA5NK.txt [ /extra-traffic.com ]
D:\Documents and Settings\Owner\Cookies\IWZZEL9Z.txt [ /e-2dj6aeliehajklq.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\RZHQCOMO.txt [ /burstbeacon.com ]
D:\Documents and Settings\Owner\Cookies\AX2UB1JA.txt [ /clickfuse.com ]
D:\Documents and Settings\Owner\Cookies\232RP4FQ.txt [ /find-allyouneed.com ]
D:\Documents and Settings\Owner\Cookies\0XD8I8I8.txt [ /e-2dj6wnmysmcpcbo.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\JUWCL101.txt [ /server.lon.liveperson.net ]
D:\Documents and Settings\Owner\Cookies\WZSKAR94.txt [ /e-2dj6aekyojazilo.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\MQCFZCQD.txt [ /ads.acevillepublications.com ]
D:\Documents and Settings\Owner\Cookies\IY2D5W1D.txt [ /e-2dj6wmmiohdjoao.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\NKUHTYXV.txt [ /e-2dj6wcmykncpmbp.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\XD1Z2K1G.txt [ /thecountyhotel.net ]
D:\Documents and Settings\Owner\Cookies\XWQFJ4BT.txt [ /bmuk.burstnet.com ]
D:\Documents and Settings\Owner\Cookies\MLOM8A1Y.txt [ /e-2dj6wjkounazakp.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\GYYO0XW3.txt [ /www.burstbeacon.com ]
D:\Documents and Settings\Owner\Cookies\VS5PCGYJ.txt [ /accounts.youtube.com ]
D:\Documents and Settings\Owner\Cookies\NFKHC1GW.txt [ /uk.sitestat.com ]
D:\Documents and Settings\Owner\Cookies\AUKAOQLE.txt [ /tsleducation.112.2o7.net ]
D:\Documents and Settings\Owner\Cookies\KXUMA55X.txt [ /ads.telegraph.co.uk ]
D:\Documents and Settings\Owner\Cookies\5LRJA3IM.txt [ /e-2dj6wgkyencpalo.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\ZIJ5UARW.txt [ /ads.bleepingcomputer.com ]
D:\Documents and Settings\Owner\Cookies\SV8DM01V.txt [ /www.find-solar-installers.co.uk ]
D:\Documents and Settings\Owner\Cookies\Y31ZI8SG.txt [ /airfrance.bannerfactory.fr ]
D:\Documents and Settings\Owner\Cookies\P8RHS0MA.txt [ /e-2dj6wgkywicpedq.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\P8L26GC0.txt [ /perf.overture.com ]
D:\Documents and Settings\Owner\Cookies\OCEZMSCI.txt [ /e-2dj6aekycicjweq.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\DRAWQQLN.txt [ /adultphonechat.co.uk ]
D:\Documents and Settings\Owner\Cookies\BRORDBPQ.txt [ /e-2dj6aekiqjcjodq.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\FY05UGAF.txt [ /cpcadnet.com ]
D:\Documents and Settings\Owner\Cookies\N3Z3O1LN.txt [ /e-2dj6wjmygkdzkco.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\HUQXHPJC.txt [ /www.visitortracklog.com ]
D:\Documents and Settings\Owner\Cookies\3ARV56R5.txt [ /e-2dj6wgkiagazgdo.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\2BB0M3SS.txt [ /tracking.onefeed.co.uk ]
D:\Documents and Settings\Owner\Cookies\C7XV9X3S.txt [ /uk.sitestat.com ]
D:\Documents and Settings\Owner\Cookies\H9S8FH1S.txt [ /a1.interclick.com ]
D:\Documents and Settings\Owner\Cookies\Y9Y48TM8.txt [ /e-2dj6wmkosodjseq.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\6TQJF0JQ.txt [ /e-2dj6wgkiwkazmhp.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\9QEDQRU0.txt [ /e-2dj6aekismajehq.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\JKPI252G.txt [ /kiddicare.solution.weborama.fr ]
D:\Documents and Settings\Owner\Cookies\646C8LTI.txt [ /e-2dj6wfmikgcpsdo.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\65DFO2FK.txt [ /e-2dj6aekyskazkeq.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\3CHDNWMC.txt [ /www.clickshield.net ]
D:\Documents and Settings\Owner\Cookies\DJ2A0NN2.txt [ /liveperson.net ]
D:\Documents and Settings\Owner\Cookies\BGWAI2WD.txt [ /e-2dj6wfmyemcjehq.stats.esomniture.com ]
D:\Documents and Settings\Owner\Cookies\CUU5KIAS.txt [ /www.findstuff.com ]
D:\DOCUMENTS AND SETTINGS\OWNER\Cookies\owner@www.google[2].txt [ Cookie:eek:wner@www.google.com/accounts ]
D:\DOCUMENTS AND SETTINGS\OWNER\Cookies\owner@adsonar[3].txt [ Cookie:eek:wner@adsonar.com/adserving ]
D:\DOCUMENTS AND SETTINGS\OWNER\Cookies\owner@www.europesurgery.co[2].txt [ Cookie:eek:wner@www.europesurgery.co.uk/counter23102007131759/ ]
D:\DOCUMENTS AND SETTINGS\OWNER\Cookies\FGO9BFGE.txt [ Cookie:eek:wner@ich.adscale.de/adserver-ich/ ]
banners.securedataimages.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
cde.cerosmedia.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
cdn.insights.gravity.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
cdn5.specificclick.net [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
cloud.video.unrulymedia.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
content.oddcast.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
ec.atdmt.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
gw.callingbanners.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
ia.media-imdb.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
macromedia.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
media.alot.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
media.pornphase.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
media.scanscout.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
msntest.serving-sys.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
oddcast.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
s0.2mdn.net [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
secure-uk.imrworldwide.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
secure-us.imrworldwide.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
serving-sys.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
spe.atdmt.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
track.webgains.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
tracking.onefeed.co.uk [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
www.cellartracker.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
www.naiadsystems.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
www.soundclick.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
www.ziporn.com [ D:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\C7RCWVE8 ]
.atdmt.com [ D:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ D:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ D:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 
Hopefully you checked the line in SAS to remove the entries it finds. If you did not, run it again and do so.

There are some sites being visited -Porn and 'adult' chat sites- that will put malware on the system. The 3rd party Cookies can be removed, but there will still be Cookies from the sites themselves.
=================================================
The account with user name Owner needs to reset the Cookies as follows:

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
===================================
Suggest you print the following so you can refer to it as needed.

The cause of the redirects is the FindGala malware. It appears that this malware was from searches performed in Internet Explorer SearchScopes.

You may have run some of these programs previously. Keep Malwarebytes but if RKill is still on the desktop, I'd like you to remove it and the logs it created, and do the following in the order given:

Step One: Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 3 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
(A tip: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Smart Engine when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again.)
------------------------------------
Step Two: Perform a Full Scan with Malwarebytes.
Update the Mbam you have now.
> On the Scanner tab, make sure the Perform full scan option is selected.

When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
------------------------
Step Three: Access, Delete, Replace Hosts files:
Please download the following batch file and save it to your desktop:
Hostsperm.bat
  • Double-click on the hostsperm.bat file that is now on your desktop. If Windows asks you if you are sure you want to run it, please allow it to run.
    • Once it starts you will see a small black window that opens, then goes away. This is normal. You should now be able to access your HOSTS file.
  • We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file.
  • Once it is deleted, download the following HOSTS file that corresponds to your version of Windows and save it in the C:\Windows\System32\Drivers\etc folder.
    • Windows XP HOSTS File Download Link
  • If the contents of the HOSTS file opens in your browser when you click on the link, then right-click the link and select:
    • Save Target As if in Internet Explorer
    • Save Link As if in Firefox, to download the file.
  • Your Windows HOSTS file should now be back to the default one from when Windows was first installed.
  • Now reboot your computer.
================================================
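One way to confirm that the HOSTS replacement in Step Three took effect, as an added example that is not part of the original post or of any tool named in it: the script parses a HOSTS file and reports every entry beyond the stock localhost mapping. The sample file contents, host names and addresses are constructed for illustration, and the verdict labels are this example's own.

```python
"""Audit a Windows HOSTS file for entries beyond the stock localhost mapping."""
import ipaddress
from dataclasses import dataclass

# Constructed sample resembling a freshly reset file: comments plus localhost.
DEFAULT_HOSTS = (
    "# sample HOSTS file (constructed for this example)\n"
    "#\n"
    "\n"
    "127.0.0.1       localhost\n"
)

# Constructed sample of a tampered file. Names use the reserved .example TLD
# and the address comes from a documentation range (RFC 5737).
TAMPERED_HOSTS = (
    "\ufeff# constructed sample, not taken from the thread\n"
    "127.0.0.1       localhost\n"
    "203.0.113.10    www.search.example search.example  # routable address\n"
    "0.0.0.0         update.av-vendor.example\n"
    "not-an-ip       broken.example\n"
    "::1             localhost\n"
)


@dataclass
class HostsEntry:
    line_no: int
    address: str
    names: list
    verdict: str  # "default", "blocked", "redirect" or "malformed"


def classify(address, names):
    """Label one entry by what it does to name resolution."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Loopback for localhost is stock; loopback for any other name
        # sinkholes that name (blocklists do this, so does malware that
        # wants to cut off security-vendor update sites).
        return "default" if set(names) <= {"localhost"} else "blocked"
    # A routable address overrides DNS for the listed names.
    return "redirect"


def parse_hosts(text):
    """Return a HostsEntry for every non-comment, non-blank line."""
    entries = []
    text = text.lstrip("\ufeff")  # a BOM is not whitespace, strip it explicitly
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], [n.lower() for n in fields[1:]]
        entries.append(HostsEntry(line_no, address, names, classify(address, names)))
    return entries


def audit(text):
    """Entries that a stock file would not contain."""
    return [e for e in parse_hosts(text) if e.verdict != "default"]


def is_stock(text):
    """True when the file maps nothing except localhost to loopback."""
    return not audit(text)


def read_hosts(path=r"C:\Windows\System32\Drivers\etc\HOSTS"):
    """Read the file as bytes and decode leniently (path as given in the post)."""
    with open(path, "rb") as fh:
        return fh.read().decode("utf-8-sig", errors="replace")


if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_HOSTS), ("tampered", TAMPERED_HOSTS)):
        print(f"{label}: stock={is_stock(sample)}")
        for entry in audit(sample):
            print(f"  line {entry.line_no}: {entry.verdict:9} "
                  f"{entry.address} -> {', '.join(entry.names)}")
```

On the affected machine, `audit(read_hosts())` returning an empty list means the HOSTS file is not what is steering the browser, so the redirects have another cause.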
 
Mbam log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8005

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/10/2011 15:07:38
mbam-log-2011-10-23 (15-07-38).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 250635
Time elapsed: 30 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
deleting hosts file

Have worked through instructions and have run hosts.perm.
I do not understand " we now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file" instruction. There are no prompts from running hosts.perm programme.
Awaiting further instructions please.
 
I performed instructions in order as directed. Rkill first. Malwarebytes secondly. Thirdly uploaded and ran Hostsperm. You say this should allow me to access Hosts file. How do I find this and continue with your instructions? Thanks.
 
Update

I'm not sure that I have replaced the host file - see post #82. There is no difference and redirect is regularly blocked by Avast flagging up trojans.
I am not working away for a week, so maybe we can make some real progress over the next few days. Thanks.
 
Can you describe this in more detail please?

"There is no difference and redirect is regularly blocked by Avast flagging up trojans."
 
Examples

Tried "The Damned" search from Yahoo homepage again. These are the results.
Yahoo gave me a list of The Damned search options which is correct.
Clicked on "The Damned Official Website" and 3 different addresses flashed through tab at top left of page whilst loading up and sent me to "groupon" homepage.
Clicked back once and sent me to "MI Carenergy.com" - which asked if I wanted to make it my homepage.
Clicked back a second time and sent me to "downloadgamestocellphone.com" which presented me with a search list of "the Damned" articles.
Clicked back again and sent me to "freesearchquick.com/search.php?q=the+damned" - no result found.
Clicked back again - got message IE cannot display webpage.

In the time it takes for the above pages to load up (less than a second) I got the "groupon" homepage which I mentioned earlier momentarily.
From this point clicking back alternated between the freesearchquick and Groupon pages and would not return to the yahoo search results I expected it to.

Tried the same for "weather forecast" from yahoo homepage.
This sent me to http://search.uk.exite.en/tag/?q=weather+forecast - listing weather forecast search results.
Clicked back from here and took me back to Yahoo search results page.

In the tab at top left of page whilst a page is loading up regularly flashes up as gaming/amusement or keepfit type of pages before settling on a page which loads up.

Regularly get redirected to "clickcompare.info/sch/article.php?url=" - any search results from this page will not load up and the page stays blank.

Avast has not given any virus/trojan messages today. Can I find a list of these for you within avast which have been blocked for your inspection?

One other thing which I noticed as PC was booted up today is a message saying "your pc may be at risk - AVG firewall not working/installed" (can't remember exactly how this was worded) - I thought we removed AVG!

Thanks.
 
Okay, I may have found it. Please run HijackThis and I'll tell you what to check when I see the log. If the current version is on the desktop, update and use it to run a new scan:

Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may have run it before, but I want a current scan.
 
Hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:36, on 08/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\Documents and Settings\Owner\Desktop\SASCORE.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/start?.pd=l=anthonygodfrey11@btinternet.com&c=K1gXhD2p2e7uH.80E1C6CGax
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNjg4NjgxMTE5LVZJUCsxLVNQMSsxLUZMMTArMS1YTzEwKzExLVRVRyszLUREVCsxNjE1MC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzE"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "D:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} (DynamicWebTwain Class) - https://xchecker.reed.co.uk/Scanning/DynamicWebTwain.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Documents and Settings\Owner\Desktop\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Documents and Settings\Owner\Desktop\SASCORE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KKSJF - Unknown owner - D:\DOCUME~1\Owner\LOCALS~1\Temp\KKSJF.exe (file missing)
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10560 bytes
 
Did you ever run the script for Combofix I left in Reply #59?

What I planned to remove was in that but it is still on the system.

The C Drive is the main HD- right?
What is the D Drive?

Going through the logs yet again, I looked for the Attach.txt log which you finally left, but the entries top section is missing. That would have shown the drives and partitions. I noticed the following on the D Drive:

If Avast is installed on the C Drive, why is Avast appdata going to the D Drive?

2011-09-04 19:59 -------- d-----w- d:\documents and settings\All Users\Application Data\AVAST Software
2011-09-04 19:59 -------- d-----w- c:\program files\AVAST Software
--------------------------------------
2011-09-04 19:32 -------- d-----w- d:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}>> the only info I can find for this is for the Uniblue Registry Booster setup.
2011-09-04 15:37 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Facebook

The folders infected with the (Rogue.SystemSmartSecurity) were on the D Drive
--------------------------------------
Do NOT leave any more logs unless I specifically ask you to.
 
update

I ran (or tried) Combofix at the time, but was unsure of success (see reply #60) and could not find any log produced, if any.
I have always questioned the relevance & priority of the D drive, as the previous computer only had a C drive. The C drive (listed as HDD(C)) is the primary drive, but when saving items they usually save to the D drive, listed as Data(D:).
Also noticed that if I click on C drive and navigate to Docs & Settings and open this file it goes to a default file. If I open this there is a My Documents file, this contains only a few photographs.
Drive D is where all of my files are kept, including another My Documents file. This is how the computer has always been since buying it new. If this is a conflicting or unusual set up maybe we can tidy this up at some point in the future. It has never seemed right to me having two My Documents files on this computer.
Incidentally, IE frequently asks if I want to upload version 8. Is this something that should be done or not at this point? Awaiting your instructions.
 
Tony, I told you when I saw the first Combofix log that the deleted files were unusual. I asked what the source for those deleted files had been and you did not know. You overwhelmed me with logs- some posted in triplicate, some incomplete, some incorrectly named.

It appears that you are not doing any maintenance on the system since a large number of the deletes were Temporary Internet Files.

We have been at this for over 2 months and although your system is actually cleaner and leaner, you notice no improvement.

There is nothing more I can do for you. Although I see improvement in the logs, you do not notice any improvement in the redirects.

The system was badly infected when you started. The abundance of deletions in Combofix is not normal. It appears that you have the operating system on the hard drive C, and have made a partition for everything else, D.

Since you noticed some improvements after the system was in the shop, I am going to refer you back to them.

I think the only thing open to you is to reformat and reinstall. I'm sorry I could not resolve the problem.
=============================================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup.
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 