Computer Hope

Software => Computer viruses and spyware => Topic started by: earmic on April 06, 2009, 03:05:56 PM

Title: Computer virus/malware
Post by: earmic on April 06, 2009, 03:05:56 PM
I have done the initial tasks of running HJthis and SASware as needed in the before you start post.  The CCleaner would not run.  I need help disinfecting this thing please.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:10 AM, on 4/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\McAfee\Common Framework\udaterui.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.exe
D:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmc.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [HPLJ Config] D:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1320 PCL 6" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Documents and Settings\engineering\My Documents\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: OpenOffice.org 2.3.lnk = D:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4398 bytes



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/04/2009 at 07:39 PM

Application Version : 4.26.1000

Core Rules Database Version : 3816
Trace Rules Database Version: 1770

Scan type       : Complete Scan
Total Scan Time : 02:02:37

Memory items scanned      : 425
Memory threats detected   : 0
Registry items scanned    : 3552
Registry threats detected : 46
File items scanned        : 116527
File threats detected     : 247

Adware.HotBar/ShopperReports (Low Risk)
   HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

Adware.Zango/ShoppingReport
   HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
   HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
   HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
   HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0
   HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0
   HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32
   HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\FLAGS
   HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR
   HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
   HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0
   HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0
   HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32
   HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\FLAGS
   HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR
   HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
   HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid
   HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32
   HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib
   HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib#Version
   HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
   HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid
   HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32
   HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib
   HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version
   HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
   HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid
   HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid32
   HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib
   HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib#Version
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Default Visible
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ButtonText
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#HotIcon
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#Icon
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#CLSID
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}#ClsidExtension
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Default Visible
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ButtonText
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#HotIcon
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Icon
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#CLSID
   HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ClsidExtension
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\Config.xml
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\db\Aliases.dbs
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\db\Sites.dbs
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\db
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\dwld
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\report\aggr_storage.xml
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\report\send_storage.xml
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\report
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs\res2
   D:\Documents and Settings\engineering\Application Data\ShoppingReport\cs
   D:\Documents and Settings\engineering\Application Data\ShoppingReport

Adware.Tracking Cookie

Malware.SpyShredder
   HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\SpyShredder
   HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run#SpyShredder [ C:\Program Files\SpyShredder\SpyShredder.exe ]
   D:\Documents and Settings\engineering\Start Menu\Programs\SpyShredder\SpyShredder.lnk
   D:\Documents and Settings\engineering\Start Menu\Programs\SpyShredder\Uninstall.lnk
   D:\Documents and Settings\engineering\Start Menu\Programs\SpyShredder

Trojan.WinAntiSpyware/WinAntiVirus 2006
   D:\DOCUMENTS AND SETTINGS\ENGINEERING\LOCAL SETTINGS\TEMP\NI.UWAS6_0001_N85M1306\SETUP.EXE
   D:\DOCUMENTS AND SETTINGS\ENGINEERING\LOCAL SETTINGS\TEMP\WINANTISPYWARE2006SETUP.EXE
Title: Re: Computer virus/malware
Post by: harry 48 on April 06, 2009, 04:12:42 PM
http://www.filehippo.com/download_ccleaner/


http://download.cnet.com/ccleaner/

Try one of the above for CCleaner and post the log, harry
Title: Re: Computer virus/malware
Post by: earmic on April 07, 2009, 02:41:26 PM
I tried it from the sites, I can install it but can't get it to run.
Title: Re: Computer virus/malware
Post by: harry 48 on April 07, 2009, 02:51:55 PM
http://www.computerhope.com/search.htm?cx=003411668307610607965%3Ah4yba8pbdco&cof=FORID%3A9%3BNB%3A1&q=ccleaner&sa=Search#1253

Go to the above and read a few posts and you will find how to configure, harry
Title: Re: Computer virus/malware
Post by: earmic on April 07, 2009, 07:06:03 PM
After I ran and cleaned, this is what I get for a log:

CLEANING COMPLETE - (5.712 secs)
------------------------------------------------------------------------------------------
4.71MB removed.
Secure file deletion enabled - NSA (7 passes)
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
D:\Documents and Settings\engineering\Local Settings\Temporary Internet Files\Content.IE5\M5OBEXUT\CAI3OXI3.gif 43 bytes
Marked for deletion: D:\Documents and Settings\engineering\Local Settings\History\History.IE5\MSHist012009040720090408\index.dat
D:\Documents and Settings\engineering\Recent\engineering.lnk 477 bytes
D:\Documents and Settings\engineering\Recent\ErrorLogStore.txt.lnk 693 bytes
Emptied Recycle Bin (4 files) 4.71MB
Title: Re: Computer virus/malware
Post by: harry 48 on April 08, 2009, 01:05:16 PM
I think if you run SAS, malware and CCleaner again you will find that a lot of the engineering cookies etc. are gone, and then run hijack and post the logs in a new post.

I'm not an expert, just helping. How is the PC going now? harry
Title: Re: Computer virus/malware
Post by: earmic on April 08, 2009, 05:10:01 PM
I've run these several times and it is helping.  Doing it again then I'll repost the logs.
Title: Re: Computer virus/malware
Post by: harry 48 on April 08, 2009, 05:14:37 PM
Did you get my PM? harry
Title: Re: Computer virus/malware
Post by: earmic on April 08, 2009, 05:20:23 PM
What's a PM?
Title: Re: Computer virus/malware
Post by: BC_Programmer on April 08, 2009, 05:28:02 PM
Private message. You can find a link to view your private messages near the top of any forum page after logging in; it will say "Hey earmic, you have # messages, # is new".

Click the link there to view your private messages.