Check Up Time.&nbsp;[RESOLVED]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

Check Up Time. [RESOLVED] Computer freezes & net not always connecting the last few days. I

#1 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 24 June 2006 - 07:32 AM

As described, I have been experiencing the odd freeze where nothing will work, not alt+ctrl+del, nothing. This doesn't always happen when doing the same processes - for instance, it has happened when playing a game then it's happened when surfing online or on MSN messenger, sometimes it will freeze when it's booting up. My solution has been to turn it off using the switch at the back (because the front button won't work when it's frozen) & leave it for a while.

The internet disconnection problem can happen at any time. I have ADSL & have recently got a wireless router for the new laptop we got. The internet will just disconnect on my desktop yet the laptop will still be connected. Although it did disconnect often over the stormy season, which didn't affect me so much because I would completely unplug the whole lot during a storm anyway, but after a storm or really rainy period, the internet wouldn't connect. Either way, my solution would be to turn everything off and just leave it alone for a while ~ the only thing I know how to do!!

I have a Hijack This log that may point out something really obvious to you guys but it doesn't entirely mean much to me (although I am more than willing to learn if someone were patient enough to teach me!)

Logfile of HijackThis v1.99.1
Scan saved at 11:14:41 PM, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrojanHunter 4.5\TrojanHunter.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RebateNation0] "C:\Program Files\Rebate_Nation\RebateNation0.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ulvpzlv] C:\WINDOWS\system32\hyodvet.exe r
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Simcast] C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
O4 - HKLM\..\Run: [Wfrmsrv] C:\WINDOWS\Wfrmsrv.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://madelespanks....ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144800727781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\ktr2l79o1.dll (file missing)
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I'm not even sure I have done it right. Any feedback would be much appreciated

#2 Flrman1

Group: Retired Staff
Posts: 6,596
Joined: 17-April 05

Posted 24 June 2006 - 09:36 PM

Hi delnz99

Welcome to GTG!

* Go to Add/Remove programs and uninstall VCClient.

* Ddownload ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close ewido and reboot your system back into Normal Mode and post the results of the ewido scan along with a new Hijack This log.

#3 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 25 June 2006 - 01:25 AM

Hi Flrman,
Thanks for replying.

I cannot see VCClient in the list when I open Add/Remove Programs. I am continuing on to the next step ok.

#4 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 25 June 2006 - 02:18 AM

Here are the results of the ewido scan:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:10:13 PM 25/06/2006

+ Scan result:

C:\WINDOWS\uzhoiedcy.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\i060lajm1doa.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\j66mlgj116o.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kodusx.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\q6rq0g95e6.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\r4p8le7u1h.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Network\ipnetwork.exe.tcf -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\bratzsss.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Alannah\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Alannah\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Alannah\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Alannah\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Alannah\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\aaascreensavers\Harry Potter and the Goblet of Fire\VVSNInst.exe.tcf -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\bratzsss.zip\VVSNInst.exe.tcf -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\unzipped\ebay entrepreneur kit\1.wma -> Downloader.Wimad.d : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.336:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.785:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.390:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.487:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.928:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.956:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Adele Banks\Cookies\adele banks@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.951:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.465:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.466:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.467:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.468:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.469:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.470:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.288:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.289:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.905:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.907:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.269:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.270:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.841:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Adele Banks\Cookies\adele banks@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.320:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.341:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.342:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.343:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.344:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.345:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.346:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.480:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.536:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.427:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.418:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
:mozilla.419:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\zh2szir3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Brooke\Application Data\Mozilla\Profiles\default\ryw2fwve.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.773:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Adele Banks\Cookies\adele banks@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\93flzq97.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Adele Banks\Application Data\Mozilla\Firefox\Profiles\qmrjl7ns.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\Mark\Application Data\Netscape\NSB\Profiles\t1nac4tq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.322:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Alannah\Application Data\Mozilla\Firefox\Profiles\ociyy6ea.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\72pkqofc.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Alannah\

#5 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 25 June 2006 - 02:21 AM

...sorry I didn't realise how big it was! I will attach a copy of the file.

Attached File(s)

Report_Scan_20060625_181013.txt (258.6K)
Number of downloads: 29

#6 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 25 June 2006 - 02:26 AM

And here is the new HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:20:07 PM, on 25/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RebateNation0] "C:\Program Files\Rebate_Nation\RebateNation0.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ulvpzlv] C:\WINDOWS\system32\hyodvet.exe r
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Simcast] C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
O4 - HKLM\..\Run: [Wfrmsrv] C:\WINDOWS\Wfrmsrv.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://madelespanks....ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144800727781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#7 Flrman1

Group: Retired Staff
Posts: 6,596
Joined: 17-April 05

Posted 25 June 2006 - 01:10 PM

* Click here to download ATF Cleaner by Atribune and save it to your desktop.

* Click Here and download Killbox and save it to your desktop.

* Download DelDomains.inf from here. Save the DelDomains.inf file to your desktop.

Rightclick DelDomains.inf and choose install.

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.

* Go to Add/Remove programs and uninstall RebateNation, Web Rebates or anything with "Rebates" in the name.

* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [RebateNation0] "C:\Program Files\Rebate_Nation\RebateNation0.exe"

O4 - HKLM\..\Run: [ulvpzlv] C:\WINDOWS\system32\hyodvet.exe r

O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe

O4 - HKLM\..\Run: [Wfrmsrv] C:\WINDOWS\Wfrmsrv.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - Startup: PowerReg Scheduler.exe

O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Double-click on Killbox.exe to run it.

Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

C:\Program Files\Rebate_Nation

C:\WINDOWS\system32\hyodvet.exe

C:\Program Files\Network

C:\WINDOWS\Wfrmsrv.exe

C:\Program Files\Common Files\VCClient
Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confimation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.
Exit the Killbox.

* Run ATF Cleaner:

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
- If you use Firefox:
  - Click Firefox at the top and choose: Select All
  - Click the Empty Selected button.
  - NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- If you use Opera:
  - Click Opera at the top and choose: Select All
  - Click the Empty Selected button.
  - NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

* Restart back into Windows normally now.

* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

#8 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 26 June 2006 - 06:20 PM

Ok, my apologies for the delay with my response, I would have replied sooner had my computer been going! It's really bad now & I am none the wiser as to what is actually going on with it but from the blue screens that I have been getting (when it does go that is), I am thinking it must be a hardware problem.
But first... when I could manage to get the computer going long enough, I carried out most of your instructions except for the following
=>DelDomains.inf - didn't download this coz there were no links at all on the page that said DelDomains.inf.
=>there were no programs that had 'Rebate' in them in the Add/Remove Programs thingy.
=>ActiveScan didn't work the first time I opened that page, it might have been an internet connection problem though - then the next time I tried it, the computer froze - so I didn't do the ActiveScan.

Also, I did notice something with the colouring of the screen yesterday (when I managed to get it to my desktop) - it had changed colour slightly, like it had yellowed or something. But this morning it wasn't like that - but I have got that freakin blue screen again! It was fine for about half an hour, then the internet connection played up and about 5 mintues later everything went black and about 5 minutes after that I got a blue screen. Here is what the blue screen had to say yesterday...
"A problem has been detected and windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: nv4_disp

...blah blah blah...

The device driver got stuck in an infinite loop...blah blah blah...

Technical information

***STOP:0x000000EA (0x86C3E3B0, 0x86A3E118, 0xF796ACB4, 0x00000001)
nv4_disp
Beginning dump of physical memory...blah blah blah"

Anyway, here is the latest HiJackThis log, as requested:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:28 PM, on 26/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Simcast] C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://madelespanks....ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144800727781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#9 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 26 June 2006 - 06:44 PM

I don't know if this means anything but looking over the HijackThis log, I noticed 3 things
=>BearShare - I have no idea what this is but the name rings a bell & I am sure it is something I may have downloaded but uninstalled.
=>SimCast Alerts - I do know what this is and I thought I'd uninstalled it.
=>RebateNation - when I did the Killbox thing yesterday, it said C:\Program Files\Rebate_Nation did not exist.

Also, we have a spare power supply that my husband is hooking up now. Maybe this will make a difference. He is leaving the laptop with me today so whether the power supply does work or not, I can still post on the forum.

Edit: The spare power supply was useless.

#10 Flrman1

Group: Retired Staff
Posts: 6,596
Joined: 17-April 05

Posted 27 June 2006 - 05:49 PM

The stop errors you are getting appear to be related to your sound card. You should probably update the video card drivers.

Berarshare is a p2p filesharing app that you should remove via add/remove programs. P2p apps like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

The Deldmains.inf file need to be downloaded with Internet Explorer. Save it to your dektop. Don't choose open, choose save in the download dialogue box then save it to your desktop.

* Download DelDomains.inf from here.
Save the DelDomains.inf file to your desktop.
Rightclick DelDomains.inf and choose install.

* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from Kaspersky scan

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

#11 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 29 June 2006 - 03:31 AM

Hey

Thanks for being so patient with me. It turned out I did need a new power supply so I got one and updated the driver for the video card like you said, then I followed your other instructions and here are the results:
=> I couldn't remove BearShare as it wasn't in the Add/Remove Programs list.
=> Kaspersky Scan Results: (see attached document)

=>Uninstall list:

Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Photoshop CS
Adobe Reader 7.0.8
Adobe SVG Viewer 3.0
Age of Mythology Gold
AVG Free Edition
BigPond ADSL SIK 5.6 Files
Bouncy Ball
Cat Laugh
christmas17
CleanUp!
Creative MediaSource
ewido anti-spyware 4.0
Falling Hearts
Google Earth
Hasee Bounce Screen Saver
Hijackthis 1.99.1
HijackThis 1.99.1
ICQ 5.1
iloveu
IncrediMail Xe
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Kaspersky Online Scanner
Lexmark X1100 Series
LimeWire 4.10.9
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Chat 2.5
Microsoft Data Access Components KB870669
Microsoft Excel 97
Microsoft Office 2000 SR-1 Standard
Microsoft Office 97, Standard Edition
Microsoft Picture It! Photo 7.0
Microsoft Works 2003 Setup Launcher
Mozilla Firefox (1.5.0.4)
MS Access 97 SP2
MSN Messenger 7.5
MSXML4 Parser
Music Coach Player
Nero 7 Demo
NVIDIA Display Driver
NVIDIA nForce Utilities
NVIDIA Windows 2000/XP nForce Drivers
printQuick
pstoedit and importps 3.44
QuickTime
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Signing Out
SlowBlast!
Sound Blaster Audigy LS
SpongeBob SquarePants - Battle for Bikini Bottom
Spybot - Search & Destroy 1.3
Tag your it
Total Video Converter 2.603
Tough Lick
TrojanHunter 4.5
Twisted Whiskers Laughing Dog
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Messenger 5.1
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
www.meewinks.org - MeeWinks 1
XoftSpy
Yahoo! Messenger

=>HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:15:47 PM, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Simcast] C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://madelespanks....ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144800727781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

THANK YOU

Attached File(s)

kaspscan.txt (80.82K)
Number of downloads: 63

#12 Flrman1

Group: Retired Staff
Posts: 6,596
Joined: 17-April 05

Posted 29 June 2006 - 04:04 PM

* Go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java 2 Runtime Environment, SE v1.4.1_02
www.meewinks.org - MeeWinks 1

* Now go here and install the latest version of Java.

* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

* Close Hijack This.

* Double-click on Killbox.exe to run it.

Put a tick by Delete on Reboot.

Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Documents and Settings\Adele Banks\Desktop\Unused Desktop Shortcuts\MSN-Winks.exe
C:\Documents and Settings\Adele Banks\My Documents\Downloads\bratzsss.exe
C:\Documents and Settings\Adele Banks\My Documents\Downloads\dmphpgof.exe
C:\Documents and Settings\Adele Banks\My Documents\Downloads\hbtools.exe
C:\winupd.bat
C:\Documents and Settings\Alannah\My Documents\My Received Files\MSN-Winks.exe

Next in Killbox go to File > Paste from clipboard
Click on the All Files button.
Next click on the button that has the red circle with the white X in the middle.
It will ask for confimation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot.

* After it reboots, go here and do the BitDefender online virus scan.

Click "I Agree" to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click "Click here to scan" to begin the scan.
Please refrain from using the computer until the scan is finished.
When the scan is finished, click on "Click here to export the scan results"
Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

Note: You have to use Internet Explorer to do the online scan.

#13 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 30 June 2006 - 07:06 AM

Everything done as instructed, although I must point out that my screensaver came on a few times during the BitDefender scan ~ I hope that doesn't affect it.

=>Latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:01:54 PM, on 30/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigbrother.3mobile.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Simcast] C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://madelespanks....ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144800727781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

And BitDefender scan is attached.

Thanks heaps for taking the time to help me

Attached File(s)

report.html (24.95K)
Number of downloads: 25

#14 Flrman1

Group: Retired Staff
Posts: 6,596
Joined: 17-April 05

Posted 30 June 2006 - 01:59 PM

As far as I can tell your malware problems have been solved. Does everything appear to be OK on your end now?

#15 delnz99

Group: Member
Posts: 38
Joined: 23-June 06

Posted 01 July 2006 - 05:53 AM

Yes, everything seems to be back to normal ~ THANK YOU SO MUCH I really appreciate your help! You are a champion & a legend!

Back to Virus, Spyware, Malware Removal

Share this topic:

2 Pages
1
2
→

Please log in to reply

Check Up Time. [RESOLVED] - Geeks to Go Forums

Check Up Time. [RESOLVED] Computer freezes & net not always connecting the last few days. I

#1 delnz99

#2 Flrman1

#3 delnz99

#4 delnz99

#5 delnz99

Attached File(s)

#6 delnz99

#7 Flrman1

#8 delnz99

#9 delnz99

#10 Flrman1

#11 delnz99

Attached File(s)

#12 Flrman1

#13 delnz99

Attached File(s)

#14 Flrman1

#15 delnz99

Share this topic:

Related Topics: