Again I didn't get the feedback. I will check my settings. It appears that kritius is busy, so I'll try to handle this..


Please download the HijackThis Installer HERE and Save to your desktop:
This should place the program in the correct directory

• Double-click on the saved file to run
• When prompted to extract hijackthis.exe. to C:\Program Files\Trend Micro\HijackThis answer Yes.
• HijackThis will automatically launch
• Click on I accept When the license agreement appears.
• click on the Do a system scan only.
• Click on the Save Log

For the Tracking Cookies:
Please download SuperAntiSpyware HERE and save to your desktop.

• Double- click on the setup and click on 'Check for updates'.
• Wait for the updates to be installed
• On the main screen click on 'Scan your computer'.
• Check: 'Perform Complete Scan then Click 'Next' to start the scan.
• Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
• Make sure everything found has a checkmark next to it,then press 'Next'.
• Click on 'Finish' when you've done.

Obtain the SuperAntiSpyware log as follows:

• Click on 'Preferences'.
• Click on the 'Statistics/Logs' tab.
• Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.

It will then open in your default text editor,such as Notepad. Attach the notepad file here on your reply
It's possible that the program will ask you to reboot in order to delete some files.

Then Run

Eset NOD32 Online Virus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Attach the logs from HijackThis, Eset the online scan and Superantispywareto your next reply

Some of this information has already been displayed, but I can handle it better for you if you do the scans I've given you. I'll have you remove all of the cleaning programs when we're through as well as old restore points.

To prevent the Tracking Cookies:

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:

AdBlock

Plus
Easy List

Please overlook the text in red. the spell checker locked and thinks the words are mispelled.

__________________
wave:Computer Support and Help
Virus & Malware Removal
Tutorials on "How To...."
Stop Nuisance Startups

\***Edit***

Didn't see Bobbye had already replied

__________________
__________________
Facebook Fan Page: www.tech-101.com/facebook

Useful Guides: Networking 101 Security 101 Disable Real Time Monitoring Virus/Malware Preliminary Removal Instructions

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:07, on 10/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\snuvcdsm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Users\sara and colin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\conhost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\sara and colin\AppData\Local\Google\Update\GoogleUpdate.exe " /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Startup: Dropbox.lnk = sara and colin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12516 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/10/2010 at 08:09 PM

Application Version : 4.33.1000

Core Rules Database Version : 4574
Trace Rules Database Version: 2386

Scan type : Complete Scan
Total Scan Time : 00:31:31

Memory items scanned : 835
Memory threats detected : 0
Registry items scanned : 6476
Registry threats detected : 0
File items scanned : 19561
File threats detected : 35

Adware.Tracking Cookie
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@doubleclick[3].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@atdmt[4].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@bs.serving-sys[4].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@serving-sys[2].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@tradedoubler[2].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@atdmt[3].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@doubleclick[6].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@statse.webtrendslive[2].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@msnportal.112.2o7[1].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@apmebf[1].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@hitbox[2].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@tracking.dc-storm[1].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@mediaplex[1].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@bs.serving-sys[2].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@doubleclick[2].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@atdmt[2].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@doubleclick[4].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@atdmt[1].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@bs.serving-sys[1].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@ehg-debenhams.hitbox[1].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@serving-sys[1].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@doubleclick[1].txt
C:\Users\sara and colin\AppData\Roaming\Microsoft\Windows\Cookies\sa ra_and_colin@track.webgains[1].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@clickpayz1 0.91462.blueseek[2].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@content.yi eldmanager[2].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@smartadser ver[2].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@ad.yieldma nager[1].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@doubleclic k[2].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@yieldmanag er[1].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@ad.yieldma nager[3].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@questionma rket[1].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@content.yi eldmanager[1].txt
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\system@doubleclic k[1].txt

Trojan.SVCHost/Fake
C:\WINDOWS\TEMP\ENPQ.TMP\SVCHOST.EXE
C:\WINDOWS\TEMP\NPTI.TMP\SVCHOST.EXE
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9dab4f1ca708534485b85b960d3cfd86
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-10 09:09:11
# local_time=2010-02-10 09:09:11 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 7008 7008 0 0
# compatibility_mode=768 16777215 100 0 9319597 9319597 0 0
# compatibility_mode=1029 16777213 100 100 477165 1730384 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 2890966 18300197 0 0
# compatibility_mode=8192 67108863 100 0 3819 3819 0 0
# scanned=44488
# found=3
# cleaned=0
# scan_time=2346
C:\Users\sara and colin\AppData\Local\Temp\plugtmp-7\plugin-newplayer.pdf JS/Exploit.Pdfka.NRA trojan 00000000000000000000000000000000 I
C:\Users\sara and colin\AppData\Roaming\onload.exe Win32/VB.OTU trojan 00000000000000000000000000000000 I
C:\Users\sara and colin\Documents\My Received Files\Nero.9.4.26+keygen[Works With Win.7]\Nero.9.4.26.0+keygen[Works With Win.7]\Nero.9.4.26.0-ReLoaded\Nero.9.4.26.0.exe NSIS/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9dab4f1ca708534485b85b960d3cfd86
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-10 09:42:09
# local_time=2010-02-10 09:42:09 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 9459 9459 0 0
# compatibility_mode=768 16777215 100 0 9322048 9322048 0 0
# compatibility_mode=1029 16777213 100 100 479616 1732835 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 2893417 18302648 0 0
# compatibility_mode=8192 67108863 100 0 6270 6270 0 0
# scanned=38577
# found=0
# cleaned=0
# scan_time=1873
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9dab4f1ca708534485b85b960d3cfd86
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-11 06:38:40
# local_time=2010-02-11 06:38:40 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 81753 81753 0 0
# compatibility_mode=768 16777215 100 0 9394342 9394342 0 0
# compatibility_mode=1029 16777213 100 100 3775 1805129 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 2965711 18374942 0 0
# compatibility_mode=8192 67108863 100 0 78564 78564 0 0
# scanned=101634
# found=5
# cleaned=0
# scan_time=4968
C:\Users\sara and colin\AppData\Local\Temp\plugtmp-7\plugin-newplayer.pdf JS/Exploit.Pdfka.NRA trojan 00000000000000000000000000000000 I
C:\Users\sara and colin\AppData\Roaming\onload.exe Win32/VB.OTU trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UYLJJ1N\newplayer[3].pdf JS/Exploit.Pdfka.NRA trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\MAE90GCJ\newplayer[1].pdf JS/Exploit.Pdfka.NRA trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\L ocalLow\Sun\Java\Deployment\cache\6.0\61\14833d-4bd659db probably a variant of Java/TrojanDownloader.Agent.AB trojan 00000000000000000000000000000000 I
DLL:pipe not connected. attempts=120

fraggle, you have a lot of potential for problems. ou have too many processes starting on boot, then running in the background. Every program set to auto-update will be contacting the internet multiple times a day 'looking' for an update.

You also show a pirated program which should have been removed before further support:
Nero.9.4.26+keygen[Works With Win.7]

Please download OTMovit by Old Timer and save to your desktop.

• Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  Code:

  :Processes    
  
  :Services
  
  :Reg
  
  :Files  
  C:\Users\sara and colin\AppData\Local\Temp\plugtmp-7\plugin-newplayer
  C:\Users\sara and colin\AppData\Roaming\onload.exe    
  C:\Windows\System32\config\systemprofile\AppData\L;ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UYLJJ1N\newplayer
  C:\Windows\System32\config\systemprofile\AppData\L;ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\MAE90GCJ\newplayeC:\Windows\System32\config\systemprofile\AppData\L  ocalLow\Sun\Java\Deployment\cache\6.0\61\14833d-4bd659dbr
  C:\Users\sara and colin\Documents\My Received Files\Nero.9.4.26+keygen[Works With Win.7]
  C:\Program Files\Ask.com\GenericAskToolbar.dll
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
  

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please empty the Java cache as follows:
Click on Control Panel> Java> Temporary Internet Files> Settings> Delete the files> Go to the Update tab and Uncheck 'check automatically for updates'> answer Yes when asked to confirm> Apply> OK

You have 2 antivirus programs running: Threat Fire and AVG. Please remove one of them.
You were also asked to disable Real Time Protection before running the scans. That would mean TeaTimer:

• Right click the TeaTimer icon in the system Tray
• Then click Exit Spybot-S&D Resident
• (One you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy, and double clicking on TeaTimer.exe

Reset Cookies: Previously given.

After doing the above, please explain what is presently happening on the system. The pirated software and Real Time Protection running in the background could have affected the scans.

__________________
wave:Computer Support and Help
Virus & Malware Removal
Tutorials on "How To...."
Stop Nuisance Startups

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Users\sara and colin\AppData\Local\Temp\plugtmp-7\plugin-newplayer not found.
C:\Users\sara and colin\AppData\Roaming\onload.exe moved successfully.
File/Folder C:\Windows\System32\config\systemprofile\AppData\L ;ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UYLJJ1N\newplayer not found.
File/Folder C:\Windows\System32\config\systemprofile\AppData\L ;ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\MAE90GCJ\newplayeC:\Windows\Syst em32\config\systemprofile\AppData\L ocalLow\Sun\Java\Deployment\cache\6.0\61\14833d-4bd659dbr not found.
C:\Users\sara and colin\Documents\My Received Files\Nero.9.4.26+keygen[Works With Win.7]\Nero.9.4.26.0+keygen[Works With Win.7]\Nero.9.4.26.0-ReLoaded\Keymaker.e.Instrucciones.Nero.9 folder moved successfully.
C:\Users\sara and colin\Documents\My Received Files\Nero.9.4.26+keygen[Works With Win.7]\Nero.9.4.26.0+keygen[Works With Win.7]\Nero.9.4.26.0-ReLoaded folder moved successfully.
C:\Users\sara and colin\Documents\My Received Files\Nero.9.4.26+keygen[Works With Win.7]\Nero.9.4.26.0+keygen[Works With Win.7] folder moved successfully.
C:\Users\sara and colin\Documents\My Received Files\Nero.9.4.26+keygen[Works With Win.7] folder moved successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: sara and colin
->Temp folder emptied: 24971255 bytes
->Java cache emptied: 605284 bytes
->FireFox cache emptied: 44329148 bytes
->Google Chrome cache emptied: 6543669 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 383938784 bytes

Total Files Cleaned = 439.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02142010_172122

Files moved on Reboot...
C:\Windows\temp\182476cf-c707-4150-9c43-59e0e3464872.tmp moved successfully.
C:\Windows\temp\593a1402-f651-4d1c-97e2-7e200663d3db.tmp moved successfully.

Registry entries deleted on Reboot...


i have uninstalled all anti virus programmes other than avg will update if any further problems

Okay, will you please update me on the current system problems.

__________________
wave:Computer Support and Help
Virus & Malware Removal
Tutorials on "How To...."
Stop Nuisance Startups

the only probblem i have now is im constanly getting warning for tracking cookie.atdmt at c:users\sara and colin\application data\mozilla\firefox\profiles\k380pnni.default\coo kies.sqlite and also c:users\sara and colin\appdata\roaming\mozilla\firefox\profiles\k38 0pnni.default\cookies.sqlite and some o9ther tracking cookies lso unknown if related but no sound on firefox either

Delete all you cookies. Then follow the steps I gave you in Post 11:
Then:>> Follow this:
If you get an Alert that the site has Cookies 'do you want to accept them' Click on NO, and say NO to ALL of the Cookies in the alert.

If you have done the above? please tell me the source of this warning and what it says.:
Additionally, here are 3 programs that will give you extra security. I recommend them all. They are free:

Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.

IE/Spyad This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

Let me know how you do after installing these. When the problems have been resolved, I will have you remove the cleaning tools.

__________________
wave:Computer Support and Help
Virus & Malware Removal
Tutorials on "How To...."
Stop Nuisance Startups