Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

twinstoo2

86 Posts

1289

September 12th, 2006 15:00

Log Posted For Viraburst.com Spyware

 
 have a Dimension 8250 and this morning I noticed I had a blinking icon in the bottom right tray.  I clicked on it and it told me to go to a website to get rid of all the spyware on my computer.  It keeps blinking and popping up occasionally.  The website is virusburst.com and the error comes up with critical system error and then disappears.   I was advised to download HijackThis and this is my log.  Can anyone help?  Thanks,  Janine
 
Logfile of HijackThis v1.99.1
Scan saved at 12:50:23 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Janine\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: *.workathomeagent.com
O15 - Trusted Zone: http://connect.workathomeagent.net
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.6.3.34/peaks/peaks-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148700143406
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} (MicroX Persistent Mainframe Display Control) - https://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pogo.com/online2/pogop/chuzzle/popcaploader_v6.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/7530-b327h/rnl/java/RntX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75FF8A3E-8A61-4744-BD53-B59D7983555D}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: campy - {168cf174-6dab-461c-a761-a7adfa5a5719} - C:\WINDOWS\system32\wuwbxp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

1972vet

3.3K Posts

September 15th, 2006 17:00

Please download:
SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press" Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.

Note :
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

twinstoo2

86 Posts

September 19th, 2006 13:00

Hi,
 
I ran the test and this is what I received. Thanks,  Janine
 
 
SmitFraudFix v2.93
Scan done at 10:07:43.14, Tue 09/19/2006
Run from C:\Documents and Settings\Janine\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\wuwbxp.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Janine\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Janine\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Virus-Burst\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{168cf174-6dab-461c-a761-a7adfa5a5719}"="campy"
[HKEY_CLASSES_ROOT\CLSID\{168cf174-6dab-461c-a761-a7adfa5a5719}\InProcServer32]
@="C:\WINDOWS\system32\wuwbxp.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{168cf174-6dab-461c-a761-a7adfa5a5719}\InProcServer32]
@="C:\WINDOWS\system32\wuwbxp.dll"
 
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
 

1972vet

3.3K Posts

September 19th, 2006 16:00

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, reboot the computer into Safemode.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press" Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into your Normal Windows user mode.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Also post a fresh hijackthis log

twinstoo2

86 Posts

September 19th, 2006 21:00

Hi,
 
I ran the Smitfraudfix in safe mode and this is a copy of the log and my new hijack this log also. 
 
 
SmitFraudFix v2.93
Scan done at 17:53:00.18, Tue 09/19/2006
Run from C:\Documents and Settings\Janine\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
 
Hijack file:Logfile of HijackThis v1.99.1
Scan saved at 6:03:10 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Janine\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: *.workathomeagent.com
O15 - Trusted Zone: http://connect.workathomeagent.net
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.6.3.34/peaks/peaks-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148700143406
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} (MicroX Persistent Mainframe Display Control) - https://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pogo.com/online2/pogop/chuzzle/popcaploader_v6.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/7530-b327h/rnl/java/RntX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75FF8A3E-8A61-4744-BD53-B59D7983555D}: NameServer = 85.255.115.6,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
 
 
 

1972vet

3.3K Posts

September 20th, 2006 04:00

Download Ewido anti-spyware to your desktop.
This is a 30 day free trial. At the end of the 30-day trial period the full version features (active guard, automatic updates...) will be deactivated and the program will become a feature-limited freeware version...You can still keep it and use it for "On Demand" scanning.
  • Double click the icon on the desktop to launch the set up program.
  • Select Change state to inactivate "Resident Shield" and "Automatic Updates". Right click on ewido in the system tray and uncheck "Start with Windows".
  • Once the setup is complete you will need to update the definition files.
  • On the main screen select the icon Update then click the Start Update button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine.
  • Under Reports
  • Select Automatically generate report after every scan
  • Un-Select Only if threats were found

Close ewido anti-spyware.

Please boot into Safe mode:

Restart the computer and immediately begin tapping the F8 key (or F5 on some Dell machines).
Use the arrow keys to highlight Safe Mode and press the Enter key. Once in safe mode, continue with the instructions below:

  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top, then the Scan tab then click on Complete System Scan.
  • ewido will now begin the scanning process, be patient this may take some time.
  • When prompted of an infection, please select Apply all actions

Once the scan is complete do the following:
  • Next select the Reports icon at the top.
  • Select the Save report as button in the lower left hand of the screen and save it to your Desktop.
Now close ewido anti-spyware.

Reboot and perform this online scan: F-Secure Online Scanner Next Generation Beta
1. Click on the link " F-Secure Online Scanner Next Generation Beta".
2. You may receive an alert on the address bar at this point to install the ActiveX control.
3. Click on that alert and then Click Insall ActiveX component.
4. Read the license agreement and click " Accept".
5.Click " Custom Scan" and be sure the following are checked:
  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Scan inside archives
  • Use advanced heuristics
6. When the scan completes, click the " I want to decide item by item" button.
7. For each item found, Select " Disinfect" and click " Next".
8. When done, click the " Show Report" button, then copy and paste the entire report into your next reply along with the Ewido scan log and a fresh HijackThis log. Thanks!

twinstoo2

86 Posts

September 21st, 2006 14:00

Hi,
 
I keep trying to send my logs to you but an error keeps coming up telling me that the message cannot exceed 20,000 characters.  Do you know why it would be doing this?  I have the logs all ready.
 
Janine

1972vet

3.3K Posts

September 21st, 2006 18:00

Try to post them one at a time. It will create several posts but because of the forum software, we will have to work with it like that.

twinstoo2

86 Posts

September 21st, 2006 21:00

 Hi,
 
Here is my F Secure Log,
 
Janine
Scanning Report Thursday, September 21, 2006 08:46:29 - 11:05:25

Computer name: FAMILYCOMPUTER
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\

Result: 10 malware found
  • C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\283E4D58.wmf (Submitted)
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia.zip (Submitted)
Tracking Cookie (spyware)
  • System (Disinfected)
  • System
  • System
  • System
  • System
  • C:\Documents and Settings\Alwie\Local Settings\Temporary Internet Files\Content.IE5\NH8KWZRN\countryfinder[1].htm (Renamed & Submitted)
  • C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A7717C9.zip (Submitted)
  • C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A7143D0.anr (Submitted)
Statistics
Scanned:
  • Files: 144201
  • System: 3985
  • Not scanned: 39
Actions:
  • Disinfected: 1
  • Renamed: 1
  • Deleted: 0
  • None: 8
  • Submitted: 5
Files not scanned:
  • C:\HIBERFIL.SYS
  • C:\PAGEFILE.SYS
  • C:\WINDOWS\SYSTEM32\BIOS1.ROM
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  • C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
  • C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
  • C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\MASTERS.BASE
  • C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\MASTERS\MASTERS.BAK
  • C:\PROGRAM FILES\NORTON ANTIVIRUS\SAVRT\0255NAV~.TMP
  • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
  • C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
  • C:\DOCUMENTS AND SETTINGS\ALL USERS.LOG
  • C:\DOCUMENTS AND SETTINGS\DEFAULT USER.LOG
  • C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
  • C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
  • C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
  • C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
  • C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\WEBROOT\SPY SWEEPER\TEMP\SSCS045B02DC-4499-4BC0-ACBA-41718146445E.TMP
  • C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\WEBROOT\SPY SWEEPER\DATA\SETTINGS.DAT
  • C:\DOCUMENTS AND SETTINGS\JANINE\NTUSER.DAT
  • C:\DOCUMENTS AND SETTINGS\JANINE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
  • C:\DOCUMENTS AND SETTINGS\ALWIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBDAM
  • C:\DOCUMENTS AND SETTINGS\ALWIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBEAM
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.reg
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PipasA.zip\sbRecovery.reg
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PipasA1.zip\sbRecovery.reg
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PipasA2.zip\sbRecovery.reg
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PipasA3.zip\sbRecovery.reg
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Vcodec.zip\sbRecovery.reg
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia.zip\uninst.exe
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia1.zip\sbRecovery.ini
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia2.zip\sbRecovery.reg
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia3.zip\sbRecovery.reg
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.reg
  • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobZCodec.zip\sbRecovery.ini
  • C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\DR WATSON\USER.DMP
Options
Scanning engines:
  • F-Secure AVP: 6.0.171, 2006-09-21
  • F-Secure Libra: 2.4.1, 2006-09-20
  • F-Secure Orion: 1.2.37, 2006-09-21
  • F-Secure Blacklight: 1.0.31, 0000-00-00
  • F-Secure Pegasus: 1.19.0, 2006-08-14
  • F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
  • Scan all files
  • Scan inside archives
  • Use Advanced heuristics
    Copyright © 1998-2006 Product support | Send virus sample to F-SecureF-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

    twinstoo2

    86 Posts

    September 21st, 2006 21:00

    Logfile of HijackThis v1.99.1
    Scan saved at 11:09:20 AM, on 9/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Janine\Desktop\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com/index.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.west.com
    O15 - Trusted Zone: *.workathomeagent.com
    O15 - Trusted Zone: http://connect.workathomeagent.net
    O15 - Trusted Zone: *.workathomeagent.net
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.6.3.34/peaks/peaks-en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148700143406
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} (MicroX Persistent Mainframe Display Control) - https://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pogo.com/online2/pogop/chuzzle/popcaploader_v6.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/7530-b327h/rnl/java/RntX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{75FF8A3E-8A61-4744-BD53-B59D7983555D}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     

    twinstoo2

    86 Posts

    September 21st, 2006 22:00

    This is the other half of ewido.  Thanks for all your help!  Janine
     
     
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wfk4sod5mgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wfkyapcjcco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wflikndjwap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wfliujczafq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wfloclazgbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wflyundzedo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wgkiqodjghq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wgkosgdzmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wglyqkdjahp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6whliqpdpkbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjk4ugajkfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjkowhdpklo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjkysocpmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjkyugdjclp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjl4amazalp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjlyelajedo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjlysmcjago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjmicnczggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjmyakczsfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@e-2dj6wjnyokajoeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wfkoand5ido.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wfl4ugcziao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wfloagdjwko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wfloupdjwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wgkiohdpehp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wgmyekczkkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjk4eodzkdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjk4kmdpeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjk4wndpshq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjkyahczodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjkyajcpkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjkyegazkbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjloopczaep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjlounc5okq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjlycjczkho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjlyqicpkbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjnyehcpclo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjnyomcpocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjnywjdzifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@ehg-legacy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@counter11.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).

    ::Report end
     

    1972vet

    3.3K Posts

    September 21st, 2006 22:00

    Your Java application is out of date and causes a slight security risk as a result.
    Please follow these steps to remove older version Java components

    1. Close any open programs you may have running, especially your web
    browser.

    2. Click Start-->Control Panel-->Add or Remove Programs.
    For those just reading this thread:
    Depending on your OS, you may have to click Start-->Settings-->Control Panel-->Add or Remove Programs.

    3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.
    Not every version of Java will begin with "Java" so be sure to read each entry in the list.
    Repeat step 3 as many times as necessary to remove all versions of Java.
    **If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

    4. Navigate to and delete:
    • C:\Program Files\ Java =this folder if found
    5. Then go to this page.
    Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications"and click the "Download" button to the right.

    6. Check the box that says: "Accept License Agreement" the page will refresh and click on the link to download Windows Offline Installation with or without Multi-language. Save it to your desktop.
    Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.

    Please disconnect from the internet. Run HijackThis again and check the following:
    O15 - Trusted Zone: *.west.com
    O15 - Trusted Zone: *.workathomeagent.com
    O15 - Trusted Zone: http://connect.workathomeagent.net
    O15 - Trusted Zone: *.workathomeagent.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{75FF8A3E-8A61-4744-BD53-B59D7983555D}: NameServer = 85.255.115.6,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.20

    Close all windows except for HijackThis then click Fix Checked.

    Reboot and post a new HijackThis log. How is the computer running now?

    twinstoo2

    86 Posts

    September 21st, 2006 22:00

    The ewido report I have to post half and half in two posts.  It would not let me post it whole, it was giving me the 20,000 character error.
     
     
     
     
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------
     + Created at: 4:56:10 PM 9/20/2006
     + Scan result: 
     
    C:\Documents and Settings\Alwie\Cookies\alwie@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@j2global.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\Janine\Cookies\janine@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brittany & Brandon\Cookies\brittany & brandon@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfk4cldjoaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfk4wjczoko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfkielcpghp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfkiqid5ccp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfkiqnc5gho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfkoskdjehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfkospd5gfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfkygpazcgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfkywjczghp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfl4uhajodo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfl4uicjwho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfligld5ibo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfloejd5kao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wflowpczkfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfmicldpwhp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfmioiczigp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfmiojdzoeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfmykmcpscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wfmyqhdzwcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgk4sjcpaho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgk4wpdjego.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgkicocjwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgkionajieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgkoqmajico.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgkoqmazmfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgkosnajmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgkosnc5wcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgkygoc5mao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgkykjd5ogo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgl4clcpkco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgl4kmdzibp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgl4uodzwbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgmiqlajogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wgmysmcpahq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6whkigldpefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6whkiolajgdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6whlyknajwlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6whlyqoazaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkocpajwdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkoggcjiko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkowoajmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkyahdpcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkycgdpiao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkycncjkgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkyekazego.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkyggcpmfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkygmajogp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkykkd5kgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkykpcjgcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkyogdpwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjkyolazcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjl4agcpebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjl4epdpmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjl4umazmhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjlickazeho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjligod5ghp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjliopcpcfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjliwldpwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjloaoajodo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjlokiajscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjlokncpchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjloukc5ako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjlowic5wdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjlycjczkho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjlyemd5igp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjlysmcpobo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjlyumajolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjmicnczggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjmieocpalp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjmiokajwgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjmyejd5ocq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjmyqjdzgeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjmywpd5oeq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnyahd5eko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnyegc5kao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnyghdjiap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnygkdpsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnyojdpegq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnyopdjako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnyqhcpolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnyqnczseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnysmczcaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Alwie\Cookies\alwie@e-2dj6wjnysocjehq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).

    Was this post helpful?

    View All

    0 events found

    No Events found!

    Top