Big-time PC Issues

Miopip

New member
Hi, I'm new to these forums but it looks like they're very helpful, so I'm very optimistic that someone can help. Since yesterday I've been having some popups rear their ugly heads. It seems to be getting worse today. I ran a full system scan with Symantec and a whole host of trojans and the like were quarantined. I ran HijackThis but can't seem to get a logfile to be created (whether I downloaded from download.com or merijn.org, same result). In doing some research I found that I should delete a VSAdd-in. But using Add/Remove Programs, nothing happens when I try to remove it. My PC (Windows 2000 Pro OS) seems to be running slower and slower and I'm getting more and more pop-ups. How can I clean up this mess? It all seemed to begin yesterday when my wife clicked on a link from cnn.com that supposedly had pics of Britney Spears with her head shaved!

Please let me know what other info I should provide to facilitate help.

Help!

-Miopip
 
Results of Symantec

Here is some more info. When I ran the 'full scan' on Symantec I got the following 9 items quarantined. But now my system is running slower since the scan AND I get more popups.

Winfixer- filename: winantiviruspro2006freeinstall(1).cab
Downloader- filename: svchost.exe
Trojan.vundo- rwfnqend.exe
Infostealer- biwhcvgh.dll
W32.spybot.worm- tots3o.exe
W32.spybot.worm- s1stfu.exe
Trojan.vundo- VSAdd-in.dll
W32.spybot.worm- qtask.exe
W32.spybot.worm- mixers.exe
 
Hi Miopip and welcome to the Forums :)

Sounds like you're badly infected.

Let's try this:
  • Click here to download HijackThis.exe
  • Save HijackThis.exe to your desktop.
  • Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.
  • Then rename HijackThis.exe to Scanner.exe
  • Run Scanner.exe
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 
HijackThis log

Thanks for the welcoming Mr_JAk3.

Here is my HijackThis log. As you suggested I did not fix anything yet.

One other thing....I have the VSAdd-in which I can't remove via Add/Remove Programs and a page I saved as a Favorite yesterday now doesn't have the IE logo next to it but rather a 'V' logo, part of the whole VSAdd-in thing.

Logfile of HijackThis v1.99.1
Scan saved at 8:26:06 PM, on 2/19/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis\Scanner.exe.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sr009rd/opsreporter/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {279188B7-747B-4F57-9B54-EE1ED5630AAA} - C:\WINNT\system32\jkhfd.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINNT\system32\awtqrro.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINNT\system32\ujnavfls.dll
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Chinese Keyword - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm (file missing)
O9 - Extra button: (no name) - {BF1F4A1A-BDCD-43ac-9D17-261D2C197AB8} - http://assistant.3721.com/uninstall.htm (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=http://sr009rd/opsreporter/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O20 - Winlogon Notify: awtqrro - C:\WINNT\SYSTEM32\awtqrro.dll
O20 - Winlogon Notify: cbxxxus - C:\WINNT\SYSTEM32\cbxxxus.dll
O20 - Winlogon Notify: jkhfd - C:\WINNT\system32\jkhfd.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\bin\iPodService.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: OracleOra9ias_homeClientCache - Unknown owner - C:\ora9ias\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
OK you're infected...

We'll begin the cleaning :)

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log (scanner.exe).
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 
Results of VundoFix and latest HijackThis log

Ok, let's get this PC clean! Many thanks in advance for your help...

Here is the VundoFix log. I got the reboot message, but over that I did have a Registry Editor window with the following message: 'Cannot import C:\\VundoFix.reg: Error opening the file. There may be a disk or file system error.' I closed that window and clicked OK on reboot.

Anyway, here's the VundoFix log:

VundoFix V6.3.9

Checking Java version...

Sun Java not detected
Scan started at 6:29:00 PM 2/20/2007

Listing files found while scanning....

C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINNT\system32\awtqrro.dll
C:\WINNT\system32\awtsqrq.dll
C:\WINNT\system32\cbxxxus.dll
C:\WINNT\system32\dfhkj.bak1
C:\WINNT\system32\dfhkj.bak2
C:\WINNT\system32\dfhkj.ini
C:\WINNT\system32\dfhkj.ini2
C:\WINNT\system32\dfhkj.tmp
C:\WINNT\system32\jkhfd.dll
C:\WINNT\system32\ujnavfls.dll
C:\WINNT\system32\wvuvsrr.dll

Beginning removal...

Attempting to delete C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINNT\system32\awtqrro.dll
C:\WINNT\system32\awtqrro.dll Has been deleted!

Attempting to delete C:\WINNT\system32\awtsqrq.dll
C:\WINNT\system32\awtsqrq.dll Has been deleted!

Attempting to delete C:\WINNT\system32\cbxxxus.dll
C:\WINNT\system32\cbxxxus.dll Has been deleted!

Attempting to delete C:\WINNT\system32\dfhkj.bak1
C:\WINNT\system32\dfhkj.bak1 Has been deleted!

Attempting to delete C:\WINNT\system32\dfhkj.bak2
C:\WINNT\system32\dfhkj.bak2 Has been deleted!

Attempting to delete C:\WINNT\system32\dfhkj.ini
C:\WINNT\system32\dfhkj.ini Has been deleted!

Attempting to delete C:\WINNT\system32\dfhkj.ini2
C:\WINNT\system32\dfhkj.ini2 Has been deleted!

Attempting to delete C:\WINNT\system32\dfhkj.tmp
C:\WINNT\system32\dfhkj.tmp Has been deleted!

Attempting to delete C:\WINNT\system32\jkhfd.dll
C:\WINNT\system32\jkhfd.dll Has been deleted!

Attempting to delete C:\WINNT\system32\ujnavfls.dll
C:\WINNT\system32\ujnavfls.dll Has been deleted!

Attempting to delete C:\WINNT\system32\wvuvsrr.dll
C:\WINNT\system32\wvuvsrr.dll Has been deleted!

Performing Repairs to the registry.
Done!


And here are the results of HijackThis scan run after VundoFix.exe was run:
Logfile of HijackThis v1.99.1
Scan saved at 8:05:03 PM, on 2/20/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis\Scanner.exe.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sr009rd/opsreporter/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {873E6CE5-4F6A-4C4A-B918-A2352F2EC6BB} - C:\WINNT\system32\jkhfd.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINNT\system32\awtqrro.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINNT\system32\ujnavfls.dll (file missing)
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Chinese Keyword - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm (file missing)
O9 - Extra button: (no name) - {BF1F4A1A-BDCD-43ac-9D17-261D2C197AB8} - http://assistant.3721.com/uninstall.htm (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=http://sr009rd/opsreporter/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\bin\iPodService.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: OracleOra9ias_homeClientCache - Unknown owner - C:\ora9ias\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
Hi again, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

==================

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sr009rd/opsreporter/
R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {873E6CE5-4F6A-4C4A-B918-A2352F2EC6BB} - C:\WINNT\system32\jkhfd.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINNT\system32\awtqrro.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINNT\system32\ujnavfls.dll (file missing)
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O9 - Extra button: Chinese Keyword - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm (file missing)
O9 - Extra button: (no name) - {BF1F4A1A-BDCD-43ac-9D17-261D2C197AB8} - http://assistant.3721.com/uninstall.htm (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=http://sr009rd/opsreporter/

Restart your computer in Safe Mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Go to My Computer and delete the following files (if present):
C:\WINNT\downloaded program files\CnsHook.dll
C:\WINNT\downloaded program files\CnsMin.dll
C:\WINNT\downloaded program files\ Any other files that begin with Cns

Run ATF Cleaner
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs here:
- AVG's report
- a fresh HijackThis log
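
An added example, not part of the original thread or written by any poster: a small Python script that diffs two HijackThis logs to show which registrations a removal tool cleared, which are new, and which now point at a deleted file ("file missing") and still need to be fixed by hand. The function names are this example's own; the sample lines are excerpted from the two logs posted in this thread.

```python
import re
from collections import namedtuple

# One parsed HijackThis entry: section code (O2, O20, ...), the rest of the
# line, and whether HijackThis flagged the target as "(file missing)".
Entry = namedtuple("Entry", "code body file_missing")

ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)(?P<missing> \(file missing\))?\s*$"
)

# Excerpt of the log taken before VundoFix was run (from the thread).
BEFORE = r"""
Running processes:
C:\WINNT\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {279188B7-747B-4F57-9B54-EE1ED5630AAA} - C:\WINNT\system32\jkhfd.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINNT\system32\awtqrro.dll
O20 - Winlogon Notify: awtqrro - C:\WINNT\SYSTEM32\awtqrro.dll
O20 - Winlogon Notify: cbxxxus - C:\WINNT\SYSTEM32\cbxxxus.dll
O20 - Winlogon Notify: jkhfd - C:\WINNT\system32\jkhfd.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
"""

# Excerpt of the log taken after VundoFix was run (from the thread).
AFTER = r"""
Running processes:
C:\WINNT\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {873E6CE5-4F6A-4C4A-B918-A2352F2EC6BB} - C:\WINNT\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINNT\system32\awtqrro.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
"""


def parse_log(text):
    """Return {(code, lowercased body): Entry} for every entry line.

    Header lines and the running-process list do not match the
    "<code> - <body>" shape and are skipped. Keys are lowercased because
    Windows paths are case-insensitive (SYSTEM32 vs system32).
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = Entry(m["code"], m["body"], m["missing"] is not None)
        entries[(entry.code, entry.body.lower())] = entry
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs and classify the entries that changed."""
    before, after = parse_log(before_text), parse_log(after_text)

    def ordered(entries):
        return sorted(entries, key=lambda e: (e.code, e.body.lower()))

    return {
        # Registration present before, gone after: the tool cleaned it up.
        "removed": ordered(before[k] for k in before.keys() - after.keys()),
        # Registration that did not exist before: worth a closer look.
        "added": ordered(after[k] for k in after.keys() - before.keys()),
        # Same registration, but its file has since been deleted: the
        # leftover registry entry is what "Fix checked" is used for.
        "newly_orphaned": ordered(
            after[k]
            for k in before.keys() & after.keys()
            if after[k].file_missing and not before[k].file_missing
        ),
    }


if __name__ == "__main__":
    for label, entries in diff_logs(BEFORE, AFTER).items():
        print(f"{label}:")
        for e in entries:
            flag = " (file missing)" if e.file_missing else ""
            print(f"  {e.code} - {e.body}{flag}")
```

On these excerpts the diff shows the three Winlogon Notify entries gone, the awtqrro.dll BHO left pointing at a deleted file, and the jkhfd.dll BHO registered under a different CLSID than in the first log.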
 
AVG report (partial)

Ok, I followed all steps you outlined. I did not find any files beginning with CNS in My Computer when started in Safe Mode. There were a handful of files that had status set to 'unknown' and file names were a series of numbers and letters but didn't have CNS. I didn't delete these.

Here is the AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:04:39 AM 2/22/2007

+ Scan result:



D:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\3721\alliveex.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\Program Files\3721\scrblock.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CnsMinAL.cab/AutoLive.dll/helper.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\Assist -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\Assist\Modules -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\AutoLive -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\AutoLive\scrblock -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\CnsMin -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\CnsMin\CnsMinEx -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AutoLive.Live -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AutoLive.Live.1 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AutoLive.Live\CLSID -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AutoLive.Live\CurVer -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CnsHelper.CH -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CnsHelper.CH.1 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CnsHelper.CH\CurVer -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook.1 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook\CLSID -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook\CurVer -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\InterChina -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\InterChina\Chin@ddress -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Enable -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Hint -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\List -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Menu -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Reset -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\3721 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\3721\CnsMin -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\3721\CnsUrl -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\3721\InputCns -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-267729164-597128604-668086641-500\Software\3721 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-267729164-597128604-668086641-500\Software\3721\AutoLive -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-267729164-597128604-668086641-500\Software\3721\AutoLive\UserCatch -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-267729164-597128604-668086641-500\Software\3721\CnsMin -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-267729164-597128604-668086641-500\Software\3721\CnsMin\Variant -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-267729164-597128604-668086641-500\Software\3721\CnsUrl -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-267729164-597128604-668086641-500\Software\3721\InputCns -> Adware.CnsMin : Cleaned with backup (quarantined).
C:\Program Files\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Hotbar\bin -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Hotbar\hotbar.log -> Adware.HotBar : Cleaned with backup (quarantined).
D:\Documents and Settings\default\Local Settings\Temp\MiniBug.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).
C:\WINNT\Temp\45DB94D1.qsp -> Backdoor.Rbot.bwb : Cleaned with backup (quarantined).
C:\WINNT\system32\winsystem16.exe -> Backdoor.SdBot.bdy : Cleaned with backup (quarantined).
C:\WINNT\system32\xCmdSvc.exe -> Not-A-Virus.RemoteAdmin.Win32.RemoteExec : Cleaned with backup (quarantined).
D:\Documents and Settings\default\Cookies\default@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
D:\Documents and Settings\default\Cookies\default@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
D:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Guest\Cookies\guest@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Guest\Cookies\guest@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Guest\Cookies\guest@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@2o7[10].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@2o7[4].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@2o7[5].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@2o7[6].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@2o7[7].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@2o7[8].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@cbs.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@cnn.122.2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@cratebarrel.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@dealnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@giftscom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@kohler.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@marthastewart.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@njmvc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@registercom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@snapfish.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@sungarddatasystemsinc.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Local Settings\Temp\Cookies\default@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\Documents and Settings\default\Cookies\default@ad-flow[2].txt -> TrackingCookie.Ad-flow : Cleaned.
D:\Documents and Settings\default\Cookies\default@ad-logics[1].txt -> TrackingCookie.Ad-logics : Cleaned.
D:\Documents and Settings\default\Cookies\default@pmg.ad-logics[1].txt -> TrackingCookie.Ad-logics : Cleaned.
D:\Documents and Settings\default\Cookies\default@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
D:\Documents and Settings\default\Cookies\default@addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
D:\Documents and Settings\default\Cookies\default@addynamix[3].txt -> TrackingCookie.Addynamix : Cleaned.
D:\Documents and Settings\default\Cookies\default@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
D:\Documents and Settings\default\Cookies\default@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
D:\Documents and Settings\default\Cookies\default@ads.addynamix[3].txt -> TrackingCookie.Addynamix : Cleaned.
D:\Documents and Settings\default\Cookies\default@ads.addynamix[4].txt -> TrackingCookie.Addynamix : Cleaned.
D:\Documents and Settings\default\Cookies\default@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
D:\Documents and Settings\default\Cookies\default@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
D:\Documents and Settings\default\Cookies\default@admarketplace[3].txt -> TrackingCookie.Admarketplace : Cleaned.
D:\Documents and Settings\default\Cookies\default@admonitor[2].txt -> TrackingCookie.Admonitor : Cleaned.
D:\Documents and Settings\default\Cookies\default@adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned.
D:\Documents and Settings\default\Cookies\default@www.adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned.
D:\Documents and Settings\default\Cookies\default@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\default\Cookies\default@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\Documents and Settings\default\Cookies\default@adserv4.ads360[1].txt -> TrackingCookie.Ads360 : Cleaned.
D:\Documents and Settings\default\Cookies\default@dynaserv.ads360[2].txt -> TrackingCookie.Ads360 : Cleaned.
D:\Documents and Settings\Guest\Cookies\guest@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@z1.adserver[3].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@z1.adserver[5].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@z1.adserver[10].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@z1.adserver[3].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@z1.adserver[4].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@z1.adserver[5].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@z1.adserver[6].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@z1.adserver[7].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@z1.adserver[8].txt -> TrackingCookie.Adserver : Cleaned.
D:\Documents and Settings\default\Cookies\default@adservingcentral[1].txt -> TrackingCookie.Adservingcentral : Cleaned.
D:\Documents and Settings\default\Cookies\default@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
D:\Documents and Settings\default\Cookies\default@adtech[3].txt -> TrackingCookie.Adtech : Cleaned.
D:\Documents and Settings\default\Cookies\default@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

rest of AVG report in next post due to text length restrictions...
 
Pg 2 of AVG report

AVG report continued from previous post...

D:\Documents and Settings\default\Cookies\default@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
D:\Documents and Settings\default\Cookies\default@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
D:\Documents and Settings\default\Cookies\default@rd.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
D:\Documents and Settings\default\Cookies\default@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
D:\Documents and Settings\default\Cookies\default@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
D:\Documents and Settings\default\Cookies\default@servedby.advertising[4].txt -> TrackingCookie.Advertising : Cleaned.
D:\Documents and Settings\default\Cookies\default@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
D:\Documents and Settings\default\Cookies\default@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\default\Cookies\default@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\default\Cookies\default@atdmt[4].txt -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\default\Cookies\default@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
D:\Documents and Settings\default\Cookies\default@bfast[3].txt -> TrackingCookie.Bfast : Cleaned.
D:\Documents and Settings\default\Cookies\default@bfast[4].txt -> TrackingCookie.Bfast : Cleaned.
D:\Documents and Settings\default\Cookies\default@bluemountain[2].txt -> TrackingCookie.Bluemountain : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\default\Cookies\default@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\default\Cookies\default@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\default\Cookies\default@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\default\Cookies\default@bluestreak[4].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\default\Cookies\default@bluestreak[5].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\default\Cookies\default@bluestreak[6].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\default\Cookies\default@bluestreak[7].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\default\Cookies\default@bluestreak[8].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\Documents and Settings\default\Cookies\default@ads32.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
D:\Documents and Settings\default\Cookies\default@ads43.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@citi.bridgetrack[3].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@cc.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@citi.bridgetrack[3].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@citi.bridgetrack[4].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@citi.bridgetrack[5].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@citi.bridgetrack[6].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@citi.bridgetrack[7].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@rccl.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@rccl.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\default\Cookies\default@rccl.bridgetrack[4].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
D:\Documents and Settings\default\Cookies\default@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
D:\Documents and Settings\default\Cookies\default@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
D:\Documents and Settings\default\Cookies\default@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\default\Cookies\default@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\default\Cookies\default@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\default\Cookies\default@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
D:\Documents and Settings\default\Cookies\default@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
D:\Documents and Settings\default\Cookies\default@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
D:\Documents and Settings\default\Cookies\default@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@centrport[3].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@centrport[4].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\default\Cookies\default@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\default\Cookies\default@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\default\Cookies\default@centrport[3].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\default\Cookies\default@centrport[4].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\default\Cookies\default@centrport[5].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\default\Cookies\default@centrport[6].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\default\Cookies\default@centrport[8].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\default\Cookies\default@centrport[9].txt -> TrackingCookie.Centrport : Cleaned.
D:\Documents and Settings\default\Cookies\default@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz4.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz5.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
D:\Documents and Settings\default\Cookies\default@com[1].txt -> TrackingCookie.Com : Cleaned.
D:\Documents and Settings\default\Cookies\default@com[2].txt -> TrackingCookie.Com : Cleaned.
D:\Documents and Settings\default\Cookies\default@com[3].txt -> TrackingCookie.Com : Cleaned.
D:\Documents and Settings\default\Cookies\default@com[4].txt -> TrackingCookie.Com : Cleaned.
D:\Documents and Settings\default\Cookies\default@com[5].txt -> TrackingCookie.Com : Cleaned.
D:\Documents and Settings\default\Cookies\default@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned.
D:\Documents and Settings\default\Cookies\default@www.commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned.
D:\Documents and Settings\default\Cookies\default@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
D:\Documents and Settings\default\Cookies\default@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : Cleaned.
D:\Documents and Settings\default\Cookies\default@data.coremetrics[3].txt -> TrackingCookie.Coremetrics : Cleaned.
D:\Documents and Settings\default\Cookies\default@bilbo.counted[1].txt -> TrackingCookie.Counted : Cleaned.
D:\Documents and Settings\default\Cookies\default@bilbo.counted[2].txt -> TrackingCookie.Counted : Cleaned.
D:\Documents and Settings\default\Cookies\default@bilbo.counted[3].txt -> TrackingCookie.Counted : Cleaned.
D:\Documents and Settings\default\Cookies\default@adultximages2000.com.16871.fb.dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned.
D:\Documents and Settings\default\Cookies\default@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned.
D:\Documents and Settings\default\Cookies\default@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@doubleclick[4].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@engage[1].txt -> TrackingCookie.Engage : Cleaned.
D:\Documents and Settings\default\Cookies\default@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
D:\Documents and Settings\default\Cookies\default@estat[1].txt -> TrackingCookie.Estat : Cleaned.
D:\Documents and Settings\default\Cookies\default@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@adopt.euroclick[3].txt -> TrackingCookie.Euroclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\default\Cookies\default@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\default\Cookies\default@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\default\Cookies\default@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\default\Cookies\default@as-us.falkag[3].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\default\Cookies\default@as-us.falkag[4].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\default\Cookies\default@as-us.falkag[5].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\default\Cookies\default@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\default\Cookies\default@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\default\Cookies\default@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@fastclick[10].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@fastclick[4].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@fastclick[5].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@fastclick[6].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@fastclick[7].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@fastclick[8].txt -> TrackingCookie.Fastclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
D:\Documents and Settings\default\Cookies\default@flycast[1].txt -> TrackingCookie.Flycast : Cleaned.
D:\Documents and Settings\default\Cookies\default@focalink[2].txt -> TrackingCookie.Focalink : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@gator[1].txt -> TrackingCookie.Gator : Cleaned.
D:\Documents and Settings\default\Cookies\default@gator[2].txt -> TrackingCookie.Gator : Cleaned.
D:\Documents and Settings\default\Cookies\default@gator[3].txt -> TrackingCookie.Gator : Cleaned.
D:\Documents and Settings\default\Cookies\default@webpdp.gator[1].txt -> TrackingCookie.Gator : Cleaned.
D:\Documents and Settings\default\Cookies\default@earth.goclick[1].txt -> TrackingCookie.Goclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@goclick[1].txt -> TrackingCookie.Goclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-apcs.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-careerbuilder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-cbs.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-dig.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-editorialpro.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-espn.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-lexnex.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-sportsline.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg-vonage.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@hg1.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@hitbox[4].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@hitbox[5].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@w111.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@w116.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@w131.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
D:\Documents and Settings\default\Cookies\default@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
D:\Documents and Settings\default\Cookies\default@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
D:\Documents and Settings\default\Cookies\default@www.hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned.
D:\Documents and Settings\default\Cookies\default@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
D:\Documents and Settings\default\Cookies\default@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
D:\Documents and Settings\default\Cookies\default@adserv.internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned.
D:\Documents and Settings\default\Cookies\default@banserv.internetfuel[2].txt -> TrackingCookie.Internetfuel : Cleaned.
D:\Documents and Settings\default\Cookies\default@internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned.
 
Pg 3 of AVG report...

Sorry, the text-length restriction is killing me here...

continuation of AVG report...

D:\Documents and Settings\default\Cookies\default@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
D:\Documents and Settings\default\Cookies\default@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
D:\Documents and Settings\default\Cookies\default@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
D:\Documents and Settings\default\Cookies\default@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.
D:\Documents and Settings\default\Cookies\default@server.iad.liveperson[4].txt -> TrackingCookie.Liveperson : Cleaned.
D:\Documents and Settings\default\Cookies\default@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
D:\Documents and Settings\default\Cookies\default@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned.
D:\Documents and Settings\default\Cookies\default@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
D:\Documents and Settings\default\Cookies\default@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
D:\Documents and Settings\default\Cookies\default@mediaplex[3].txt -> TrackingCookie.Mediaplex : Cleaned.
D:\Documents and Settings\default\Cookies\default@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
D:\Documents and Settings\default\Cookies\default@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
D:\Documents and Settings\default\Cookies\default@offshoreclicks[1].txt -> TrackingCookie.Offshoreclicks : Cleaned.
D:\Documents and Settings\default\Cookies\default@php.offshoreclicks[2].txt -> TrackingCookie.Offshoreclicks : Cleaned.
D:\Documents and Settings\default\Cookies\default@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
D:\Documents and Settings\Guest\Cookies\guest@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Guest\Cookies\guest@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@overture[2].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@overture[3].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@overture[4].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\Isabel\Cookies\isabel@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@data1.perf.overture[3].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@data4.perf.overture[3].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@overture[3].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@overture[4].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@overture[5].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@overture[6].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
D:\Documents and Settings\default\Cookies\default@perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
 
Rest of AVG report

::Report end
 
Finally, the latest HJT log

Sorry for the multiple posts to display the AVG report.

And here is the HJT log created after all your defined steps were completed and the computer was rebooted in Normal mode. I see in this log there are still a couple of CnsHook.dll's after running AVG.

Logfile of HijackThis v1.99.1
Scan saved at 2:19:33 AM, on 2/22/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis\Scanner.exe.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Chinese Keyword - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm (file missing)
O9 - Extra button: (no name) - {BF1F4A1A-BDCD-43ac-9D17-261D2C197AB8} - http://assistant.3721.com/uninstall.htm (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O11 - Options group: [!CNS] Chinese keywords
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\bin\iPodService.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: OracleOra9ias_homeClientCache - Unknown owner - C:\ora9ias\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
You did the right thing with AVG log :bigthumb:

Ok let's see...


Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe.
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkit revealers don't.
 
On GMER.exe

It's running currently but I also have a Symantec AntiVirus Notification popup that reads 'Symantec Tamper Protection Alert' with the following info:

Target: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gmer.exe (PID 5456)
Time: Thursday, February 22, 2007 6:40:16 PM

Is that cause for concern?
 
GMER log and a new HJT log

Here's the GMER log:

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-22 19:18:05
Windows 5.0.2195 Service Pack 4


---- System - GMER 1.0.12 ----

SSDT 877AF268 ZwConnectPort
SSDT CnsMinKP.sys ZwCreateSection
SSDT CnsMinKP.sys ZwDeleteKey
SSDT CnsMinKP.sys ZwDeleteValueKey
SSDT 87BDD568 ZwDuplicateObject
SSDT CnsMinKP.sys ZwEnumerateKey
SSDT CnsMinKP.sys ZwEnumerateValueKey
SSDT CnsMinKP.sys ZwLoadDriver
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT CnsMinKP.sys ZwOpenSection
SSDT 87BDD6C8 ZwOpenThread
SSDT CnsMinKP.sys ZwQueryValueKey
SSDT CnsMinKP.sys ZwRestoreKey
SSDT CnsMinKP.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text NTDLL.DLL!NtClose 77F881F8 5 Bytes JMP 7203407A
.text NTDLL.DLL!NtCreateProcess 77F88308 5 Bytes JMP 72034205
.text NTDLL.DLL!NtCreateSection 77F88328 5 Bytes JMP 72034098

---- User code sections - GMER 1.0.12 ----

.text C:\WINNT\Explorer.EXE[1836] WININET.dll!HttpAddRequestHeadersA 6303D5F4 5 Bytes JMP 01A61628 C:\PROGRA~1\3721\alrex.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3284] WININET.DLL!HttpAddRequestHeadersA 6303D5F4 5 Bytes JMP 00831628 C:\PROGRA~1\3721\alrex.dll

---- EOF - GMER 1.0.12 ----

Here's the new HJT log. Still some CNSHook dll's:

Logfile of HijackThis v1.99.1
Scan saved at 7:19:58 PM, on 2/22/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunOnce: [3721C:\PROGRA~1\3721\notifier.dll4105543] regsvr32 /s C:\PROGRA~1\3721\notifier.dll
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Chinese Keyword - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm (file missing)
O9 - Extra button: (no name) - {BF1F4A1A-BDCD-43ac-9D17-261D2C197AB8} - http://assistant.3721.com/uninstall.htm (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm (file missing)
O11 - Options group: [!CNS] Chinese keywords
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\bin\iPodService.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: OracleOra9ias_homeClientCache - Unknown owner - C:\ora9ias\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
OK, I need one more log before we can continue the cleaning. These Chinese infections can be nasty.

Generate a HijackThis Startup list:
Open HijackThis:
  • Click on "Open the Misc Tools Section"
  • Check the following boxes to the right of "Generate StartupList Log":
    • List also minor sections (Full)
    • List empty sections (Complete)
  • Click "Generate StartupListLog"
  • Click "Yes" at the prompt.
  • A Notepad window will open with the contents of the HijackThis Startup list displayed
  • Copy & Paste that log to here
 
HijackThis log

You're not kidding about these Chinese infections! Here's the log....

StartupList report, 2/23/2007, 5:49:06 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Administrator\Desktop\HijackThis\Scanner.exe.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\rundll32.exe
D:\Program Files\bin\iPodService.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DfrgFat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis\Scanner.exe.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NGClient = C:\Program Files\Symantec\Ghost\ngctw32.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
CnsMin = Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
helper.dll = C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=(NONE)
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
IE - C:\WINNT\DOWNLO~1\CnsHook.dll - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[{0000000A-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINNT\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37861.5178356481

[{CEBC955E-58AF-11D2-A30A-00A0C903492B}]
CODEBASE = http://windowsupdate.microsoft.com/R778/V31Controls/x86/nt5/en/actsetup.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
SysTray: stobject.dll
WebCheck: C:\WINNT\System32\webcheck.dll

--------------------------------------------------
End of report, 5,938 bytes
Report generated in 2.003 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
VSAdd-in for IE?

Are these Chinese keyword infections related to the VSAdd-in for IE that I can't remove via Add/Remove Programs??
 
Hi :)

You forgot to check these two options before creating the startuplist:
* List also minor sections (Full)
* List empty sections (Complete)

Please check those two options and post a new startuplist.

And yes, that VSAdd-in for IE is a baddie too. We'll get rid of it.

:bigthumb:
 
Oops. Here you go...thought I checked both boxes.

StartupList report, 2/24/2007, 3:28:11 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Administrator\Desktop\HijackThis\Scanner.exe.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\rundll32.exe
D:\Program Files\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINNT\system32\ifconfig.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis\Scanner.exe.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NGClient = C:\Program Files\Symantec\Ghost\ngctw32.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
CnsMin = Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
helper.dll = C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
(Default) = ifconfig.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

(Default) = ifconfig.exe

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=(NONE)
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
IE - C:\WINNT\DOWNLO~1\CnsHook.dll - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[{0000000A-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINNT\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37861.5178356481

[{CEBC955E-58AF-11D2-A30A-00A0C903492B}]
CODEBASE = http://windowsupdate.microsoft.com/R778/V31Controls/x86/nt5/en/actsetup.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
SysTray: stobject.dll
WebCheck: C:\WINNT\System32\webcheck.dll

--------------------------------------------------
End of report, 6,187 bytes
Report generated in 1.102 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 