Got my first nasty malware today >:[ log enclosed.


Author Topic: Got my first nasty malware today >:[ log enclosed.  (Read 4130 times)
Triscadec
« on: March 09, 2006, 12:38:14 PM »

Dang, what a mess.  It looks like I have a sheriff on my puter.  I would greatly appreciate a log review to get this junk off of my machine.

Logfile of HijackThis v1.99.1
Scan saved at 1:27:59 PM, on 3/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\frnnlemA.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Windows\xpupdate.exe
C:\Palm\Hotsync.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\frnnlem.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\The Computer\Desktop\Temporary\Utilities\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: HotSync Manager.LNK = C:\Palm\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = C:\Palm\register.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.noaa.gov
O15 - Trusted Zone: http://housecall.trendmicro.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136143239375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136143224468
O20 - AppInit_DLLs: C:\WINDOWS\System32\win_4x.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll
O21 - SSODL: Adobe Acrobat 5.0 - {95AC72EB-1BC9-6541-E72E-0B6566F3DC99} - c:\program files\adobe\acrobat 5.0\reader\winlgjhi6.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\frnnlem.exe

I'm posting this about 1/2 before I have to go to work, so it may take me 12 hours or more to respond back if you have any questions....

Thanks,

Tim
1972vet
« Reply #1 on: March 09, 2006, 06:12:37 PM »

Download smitRem.exe and save the file to your desktop.
If you cannot access that link, here are alternate links:
smitRem.exe
smitRem.exe
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download Ewido Anti-Malware trial version.
  • Install Ewido Anti-Malware
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch Ewido. There should be an icon on your desktop; double-click it.
  • The program will now go to the main screen
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below.  If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1)  Run Ad-Aware, and click Check for updates now.
2)  Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings:  Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Don't run it yet!
 Exit Ad-aware.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
==================================================
Run HijackThis, and press "Scan". When the scan is complete place a check mark next to the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe


The below O6's should only be present if you set them on purpose or if you used Spybot's Home Page and Option Lock down features in the Immunize section of Spybot. Otherwise, put a check in the box next to these too:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


If you did not place these items in your trusted zone, then put a check in the box next to these too:
O15 - Trusted Zone: http://www.noaa.gov
O15 - Trusted Zone: http://housecall.trendmicro.com

O20 - AppInit_DLLs: C:\WINDOWS\System32\win_4x.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll
O21 - SSODL: Adobe Acrobat 5.0 - {95AC72EB-1BC9-6541-E72E-0B6566F3DC99} - c:\program files\adobe\acrobat 5.0\reader\winlgjhi6.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\frnnlem.exe


After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."
===================================================
Close HijackThis.

Then search for and DELETE the following file(s)/folder(s) highlighted in Red IF STILL PRESENT:

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\winstall.exe
C:\Windows\xpupdate.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\WINDOWS\System32\win_4x.dll
C:\WINDOWS\System32\dcom_14.dll
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\frnnlem.exe

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Then select "Settings"
  • Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
  • Select "OK" and you will return to scanning options.
  • Click on Complete System Scan and the scan will begin.

    This scan can take quite a while to run, so please be patient.
  • While the scan is in progress, you will be prompted to clean the first infected file it finds.
  • Choose Clean.
  • Then put a check next to 'Perform action on all infections'. Doing this enables the scan to proceed automatically until its completion. Click OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.  The best place to save it would probably be your Desktop.
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" or "Desktop Uninstall" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Post Reply.

Next, please visit Kaspersky Online Scanner.
Run a full system scan free.
If the scan finds anything malicious, follow the on screen prompts and do what is recommended.
Reboot when finished.

Let us know if any problems persist.

** It could be possible, after reboot that the system is using the windows classic theme again.
To restore this and set it back to the XP theme, right-click on your desktop > Properties > Appearance tab and choose Windows XP style again under Windows and buttons.
Click apply and OK
Logged
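A way to compare two HijackThis scans taken before and after a cleanup pass, as an added example that is not part of the original posts and is not HijackThis's own code. The function names and section labels are this example's own; the sample lines are excerpted from the two logs posted in this thread.

```python
import re
from collections import defaultdict

# A HijackThis entry is "<section code> - <details>",
# e.g. "O4 - HKCU\..\Run: [name] C:\path.exe". Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")

# Short labels (this example's wording) for sections that appear in the thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "Autostart entry", "O15": "Trusted Zone site",
    "O20": "AppInit_DLLs", "O21": "ShellServiceObjectDelayLoad",
    "O23": "Service",
}

# Annotations HijackThis itself prints on an entry; worth surfacing in a review.
MARKERS = ("(file missing)", "(no file)", "Unknown owner")

# Excerpt of the first log in the thread (before the cleanup steps).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\win_4x.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\frnnlem.exe
"""

# Excerpt of the second log in the thread (after the cleanup steps).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [urko] C:\PROGRA~1\COMMON~1\urko\urkom.exe
O20 - AppInit_DLLs: repairs303169545.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VFM\command.exe
"""


def parse_log(text):
    """Return {section code: [entry details, ...]} for one HijackThis log."""
    entries = defaultdict(list)
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries[match.group("code")].append(match.group("body").strip())
    return dict(entries)


def markers(body):
    """Return the HijackThis annotations present on one entry."""
    low = body.lower()
    return [m for m in MARKERS if m.lower() in low]


def diff_scans(before_text, after_text):
    """Return (added, removed): entries only in the later / only in the earlier scan."""
    before, after = parse_log(before_text), parse_log(after_text)

    def only_in(a, b):
        # Windows paths are case-insensitive, so compare lowercased.
        seen = {(code, body.lower()) for code, bodies in b.items() for body in bodies}
        out = defaultdict(list)
        for code, bodies in a.items():
            for body in bodies:
                if (code, body.lower()) not in seen:
                    out[code].append(body)
        return dict(out)

    return only_in(after, before), only_in(before, after)


def format_report(added, removed):
    """Render the diff as text lines, ordered by section letter then number."""
    def order(code):
        return (code[0], int(code[1:]))

    lines = []
    for title, group in (("NEW since last scan", added), ("GONE since last scan", removed)):
        lines.append(title)
        for code in sorted(group, key=order):
            label = SECTIONS.get(code, "other")
            for body in group[code]:
                notes = markers(body)
                suffix = "  <-- " + ", ".join(notes) if notes else ""
                lines.append(f"  {code} ({label}): {body}{suffix}")
    return lines


if __name__ == "__main__":
    new, gone = diff_scans(BEFORE, AFTER)
    print("\n".join(format_report(new, gone)))
```

Entries listed as new after a cleanup pass are the ones to raise with the helper before fixing anything further.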
Triscadec
« Reply #2 on: March 10, 2006, 11:36:53 PM »

Hello,

I got all of the way to the Panda Active Scan, but IE went nuts, and there was obviously something left on the computer.  Here are my logs after getting to the "close Ewido" instruction.  I can't get any farther because of this bug...

HijackThis log.......

Logfile of HijackThis v1.99.1
Scan saved at 12:29:53 AM, on 3/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\mousepad1.exe
C:\gimmysmileys1.exe
C:\WINDOWS\frnnlemA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\ms05431043-2003.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\windows\rlvknlg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\PROGRA~1\COMMON~1\urko\urkom.exe
c:\windows\system32\qndsrego.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Palm\Hotsync.exe
C:\WINDOWS\VFM\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\System32\kwinorag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\The Computer\Desktop\Temporary\Utilities\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8AFBFBEC-F176-4878-DF6E-844C9C3CD4BE} - C:\WINDOWS\Vfzliisl.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\System32\w9seq.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [urko] C:\PROGRA~1\COMMON~1\urko\urkom.exe
O4 - Startup: HotSync Manager.LNK = C:\Palm\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = C:\Palm\register.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinorag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.noaa.gov
O15 - Trusted Zone: http://housecall.trendmicro.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll
O20 - AppInit_DLLs: repairs303169545.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VFM\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

Ewido log..............

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         12:06:07 AM, 3/11/2006
 + Report-Checksum:      F9591C6D

 + Scan result:

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spy Sheriff -> Adware.SpySheriff : Cleaned with backup
   HKU\S-1-5-21-448539723-1220945662-725345543-1004\Software\localNRD -> Adware.BetterInternet : Cleaned with backup
   HKU\S-1-5-21-448539723-1220945662-725345543-1004\Software\Microsoft\Internet Explorer\Keywords -> Adware.CoolWebSearch : Cleaned with backup
   [256] VM_00400000 -> Downloader.Agent.aga : Error during cleaning
   :mozilla.7:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
   :mozilla.46:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.80:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.81:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.86:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.87:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.100:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.101:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.102:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.103:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.104:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.105:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.111:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.116:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.117:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.118:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
   :mozilla.122:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
   :mozilla.123:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
   :mozilla.124:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
   :mozilla.125:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
   :mozilla.135:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
   :mozilla.136:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.137:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.141:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
   :mozilla.145:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.152:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.155:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.157:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.158:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.159:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.181:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
   :mozilla.192:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
   :mozilla.193:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.199:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.203:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.204:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.205:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.206:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
   :mozilla.211:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
   :mozilla.217:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
   :mozilla.225:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
   :mozilla.226:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
   :mozilla.233:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
   :mozilla.234:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.235:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.236:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.237:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.242:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.243:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.244:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.245:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.246:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.247:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.249:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.250:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
   :mozilla.251:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.269:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.270:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.271:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.272:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.273:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.274:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.275:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.276:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.277:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.278:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.279:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.280:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.281:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.282:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.283:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.284:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.285:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.286:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.287:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.288:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.289:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.290:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.291:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.292:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.293:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.294:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.295:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.308:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.310:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.313:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.316:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
   :mozilla.341:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.342:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.343:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.347:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.348:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.349:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.350:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.351:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.352:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.372:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
   :mozilla.379:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
   :mozilla.380:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
   :mozilla.381:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
   :mozilla.383:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.387:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.388:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.389:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.390:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.391:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.392:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.393:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.394:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.395:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.396:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.397:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.398:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.399:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.412:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.437:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Spinbox : Cleaned with backup
   :mozilla.438:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.446:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.447:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.448:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.455:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
   :mozilla.459:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.460:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.485:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
   :mozilla.491:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
   :mozilla.514:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.515:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.516:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.517:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.518:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.519:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.520:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.521:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.522:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.523:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.524:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.525:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.526:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.527:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.533:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
   :mozilla.537:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.538:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.539:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
   :mozilla.540:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
   :mozilla.541:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
   :mozilla.543:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
   :mozilla.556:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.559:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
   :mozilla.560:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
   :mozilla.573:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.575:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.576:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.577:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.597:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.598:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.615:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
   :mozilla.616:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
   :mozilla.630:C:\Documents and Settings\The Computer\Application Data\Mozilla\Firefox\Profiles\dzts0zxq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



« Reply #3 on: March 11, 2006, 06:00:51 AM »

Hi, Triscadec.

Your system is badly infected with a large number of dangerous parasites.

Please follow these steps:

1. Download the Pocket KillBox utility.

2. Download the LSP-fix utility and the WinsockXPFix fix. You will need them later.

3. Open the Control Panel and launch the Add or Remove Programs tool. In the list of installed software find the entry Surf SideKick and uninstall the application. Then delete the entire C:\Program Files\SurfSideKick directory.

4. Open the Control Panel and launch the Add or Remove Programs tool. In the list of installed software find the entry UCmore or The Search Accelerator and uninstall the application. Then delete the entire C:\Program Files\TheSearchAccelerator directory.

5. Click on the Start button, then select Run... and type in msconfig. This should launch the Windows Configuration Utility. Select the Services tab within it and find the following entry: Command Service (cmdService). Uncheck it and apply changes by pressing the Apply button.

6. Use HijackThis to fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {8AFBFBEC-F176-4878-DF6E-844C9C3CD4BE} - C:\WINDOWS\Vfzliisl.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\System32\w9seq.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [urko] C:\PROGRA~1\COMMON~1\urko\urkom.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinorag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll
O20 - AppInit_DLLs: repairs303169545.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VFM\command.exe


7. Now restart your system in Safe Mode. This step is very important!

8. Once in Safe Mode, use Pocket KillBox to delete the following files:
C:\mousepad1.exe
C:\gimmysmileys1.exe
C:\WINDOWS\frnnlemA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\ms05431043-2003.exe
C:\WINDOWS\SYSC00.exe
C:\windows\rlvknlg.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\PROGRA~1\COMMON~1\urko\urkom.exe
c:\windows\system32\qndsrego.exe
C:\WINDOWS\VFM\command.exe
C:\WINDOWS\System32\kwinorag.exe
C:\WINDOWS\System32\WinNB57.dll
C:\WINDOWS\system32\kwinorag.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\System32\w9seq.dll
C:\WINDOWS\System32\repairs303169545.dll
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\Vfzliisl.dll
C:\Program Files\NewDotNet\newdotnet7_22.dll
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\nem220.dll


Then delete the following directories:
C:\WINDOWS\VFM
C:\Program Files\NewDotNet
C:\Program Files\Common Files\urko
C:\Program Files\Internet Optimizer
C:\Program Files\Common Files\VCClient


9. Now restart your computer and try to access the Internet. If you cannot, run one of these tools (you have downloaded them earlier): LSP-Fix, WinsockXPFix. This should repair your system and allow it to access the Internet.

10. After you get done, run a new HijackThis scan and post a fresh log here.


P.S. Your system is not up to date! You have to install Service Pack 2 for Microsoft Windows XP and Service Pack 2 for Microsoft Internet Explorer. Also apply all the latest updates and security fixes.
Logged
Triscadec
Newbie
*
Posts: 6


« Reply #4 on: March 11, 2006, 09:15:43 AM »

The following .dll's were not found by killbox...
C:\WINDOWS\System32\WinNB57.dll
C:\WINDOWS\system32\kwinorag.exe
C:\WINDOWS\System32\w9seq.dll
C:\WINDOWS\System32\repairs303169545.dll
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\Vfzliisl.dll
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\nem220.dll

And lastly, the newdotnet.dll as well as the directory could not be deleted.  It was listed as read only, and even after unchecking that box under properties, it still can't be removed.  I tried after reboot to manually remove it without any luck.  The popups are now gone, but IE is at the dreaded about:blank page.

Thanks so much for your help

Tim


Logfile of HijackThis v1.99.1
Scan saved at 10:07:34 AM, on 3/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Palm\Hotsync.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\The Computer\Desktop\Temporary\Utilities\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.LNK = C:\Palm\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = C:\Palm\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.noaa.gov
O15 - Trusted Zone: http://housecall.trendmicro.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
Logged
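One way to check a follow-up HijackThis log against the step 6 fix list, as an added example that is not part of the original thread. The function names are hypothetical, and the two log excerpts are copied from the posts above (shortened to a few lines each).

```python
import re
from collections import Counter

# Excerpt of the entries listed for fixing in step 6 (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VFM\command.exe
"""

# Excerpt of the follow-up log posted in Reply #4 (copied from the thread).
FOLLOW_UP = r"""
Running processes:
C:\WINDOWS\System32\rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://www.noaa.gov
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.I)


def parse_entries(log_text):
    """Return (code, normalised_body, guids, raw_line) for each entry line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        # Ignore case, spacing and the "(file missing)" suffix when comparing.
        norm = re.sub(r"\s+", " ", MISSING_RE.sub("", body)).strip().lower()
        guids = frozenset(g.lower() for g in GUID_RE.findall(body))
        entries.append((code, norm, guids, line))
    return entries


def persisting(fix_text, followup_text):
    """Fix-list entries still present in the follow-up log.

    An entry persists if the same line is back ("exact") or if an entry in the
    same section carries the same CLSID with different text ("clsid").
    Returns (raw fix-list line, reason, number of follow-up hits).
    """
    later = parse_entries(followup_text)
    exact = Counter((code, norm) for code, norm, _, _ in later)
    by_guid = Counter((code, g) for code, _, guids, _ in later for g in guids)
    result, seen = [], set()
    for code, norm, guids, raw in parse_entries(fix_text):
        if (code, norm) in seen:
            continue  # the fix list repeats some lines (the O10 entries)
        seen.add((code, norm))
        if exact[(code, norm)]:
            result.append((raw, "exact", exact[(code, norm)]))
        else:
            hits = sum(by_guid[(code, g)] for g in guids)
            if hits:
                result.append((raw, "clsid", hits))
    return result


def orphaned(followup_text):
    """Entries whose file is gone but whose registry reference remains."""
    return [raw for _, _, _, raw in parse_entries(followup_text)
            if MISSING_RE.search(raw)]


if __name__ == "__main__":
    for raw, reason, hits in persisting(FIX_LIST, FOLLOW_UP):
        print(f"STILL PRESENT ({reason}, x{hits}): {raw}")
    for raw in orphaned(FOLLOW_UP):
        print(f"ORPHANED REFERENCE: {raw}")
```

On these excerpts only the New.Net O10 entry survives from the fix list, and the UCmore toolbar is left as a registry reference to a deleted file.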
Triscadec
Newbie
*
Posts: 6


« Reply #5 on: March 11, 2006, 11:53:22 PM »

Well, I ran AdAware to try and get rid of newdotnet, but no joy.  I tried Kill Box again to get rid of it on re-boot, but it is still there.  I'm starting to think that I'm never going to get rid of this garbage on my system.  Boy, have I learned a lesson about spyware/malware.

Here is my current HijackThis log... I'm not touching my machine until I hear back from one of you good people.

Thanks,

Tim


Logfile of HijackThis v1.99.1
Scan saved at 12:46:44 AM, on 3/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Palm\Hotsync.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
c:\mousepad1.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\VFM\command.exe
c:\ucmoreiex.exe
C:\Documents and Settings\The Computer\Desktop\Temporary\Utilities\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: HotSync Manager.LNK = C:\Palm\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = C:\Palm\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.noaa.gov
O15 - Trusted Zone: http://housecall.trendmicro.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: repairs303169545.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VFM\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

GTO
Global Moderator
Newbie
Posts: 1519
« Reply #6 on: March 12, 2006, 03:31:05 AM »

Hi, Triscadec.

Do you have any firewall installed? I do not see any in your log. It looks like even the Windows Firewall is turned off. If this is true, it might be the reason why your system gets reinfected over and over again. I highly recommend downloading and installing the free version of ZoneLabs Zone Alarm.

First of all, you have to log in as the Administrator. It seems that you do not have sufficient privileges for deleting malware files. After logging on, please follow these steps:

1. Open the Control Panel and launch the Add or Remove Programs tool. In the list of installed software find the Surf SideKick entry and uninstall the application.

2. Click on the Start button, then select Run... and type in msconfig. This should launch the Windows Configuration Utility. Select the Services tab within it and find the following entry: Command Service (cmdService). Uncheck it and apply changes by pressing the Apply button.

3. Use HijackThis to fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O20 - AppInit_DLLs: repairs303169545.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VFM\command.exe


4. Now restart your system in Safe Mode. You MUST log in as the Administrator!

5. Use Pocket KillBox to delete the following files:
c:\mousepad1.exe
c:\ucmoreiex.exe
C:\WINDOWS\VFM\command.exe
C:\WINDOWS\System32\repairs303169545.dll
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe


If Pocket KillBox cannot find the file specified, do not copy/paste the filename, but browse to it.

6. Allow Pocket KillBox to delete directories. Launch the tool, click on the Options menu and check Remove Directories. Then use Pocket KillBox to delete the following directories:
C:\Program Files\Common Files\VCClient
C:\WINDOWS\VFM
C:\Program Files\SurfSideKick


7. Restart your computer and run one of these tools (you have downloaded them earlier): LSP-Fix, WinsockXPFix. This should repair your system and allow it to access the Internet.

8. After you get done, run a new scan and post a fresh log here.

Triscadec
Newbie
Posts: 6
« Reply #7 on: March 12, 2006, 08:03:13 PM »

OK.  After getting back from a small but important day trip, I think that I got everything removed.  IE seems to be working normally again, and I haven't had any strange behavior occur.  I also don't see any program files that I haven't installed myself, and I don't see any unrecognized icons anywhere.  

My only two last problems are that I cannot activate the firewall in WinXP Home, and my antivirus (Trend Micro Internet Security) can't activate the realtime scan feature.

Anyhow, here is my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:50:07 PM, on 3/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Palm\Hotsync.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Documents and Settings\The Computer\Desktop\Temporary\Utilities\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.LNK = C:\Palm\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = C:\Palm\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.noaa.gov
O15 - Trusted Zone: http://housecall.trendmicro.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

Triscadec
Newbie
Posts: 6
« Reply #8 on: March 12, 2006, 08:24:26 PM »

A couple of additional questions if you please.  The infected computer here is a desktop that is connected to a wireless router, a Linksys WRT55AG.  I have the firewall activated on the router.  Do I need to have the firewall in my antivirus software on as well, or is the router firewall sufficient?  

Once I got this bug on the desktop, I never turned my wife's wireless laptop on to connect with our home network.  If I had, would/could her laptop have been compromised through the network?  Could this malware have crossed the network and onto her machine?

Thank you so much for all of your help, I truly appreciate it.  In a weird way, this has actually been a good learning experience, albeit a hard lesson, but one that I won't soon forget.

Tim

GTO
Global Moderator
Newbie
Posts: 1519
« Reply #9 on: March 14, 2006, 04:33:14 AM »

Hi, Triscadec.

Congratulations! Your log looks clean now :wink:.

I highly recommend using a software firewall. The router's firewall protects you from outside threats like attacks from the Internet, intrusion attempts, worms, etc. However, it doesn't offer sufficient protection from parasites already installed on the system. This means that a trojan that you might accidentally install with some suspicious software will try to connect to its home servers in order to download more parasites. Neither the Windows Firewall nor most router firewalls will block it. That is why it is very important to have an advanced software firewall. The Windows Firewall is not enough! I recommend using a free version of Zone Labs Zone Alarm.

As for your wife's laptop, I think that it could be compromised too, as your system was infected with certain parasites able to spread by themselves. I suggest checking the laptop with powerful antivirus and anti-spyware software.

As I already said, the Windows Firewall is not enough. So there is no need to enable it. Just install a better product. It is difficult to say why Trend Micro Internet Security cannot activate the real-time protection. I can only suggest reinstalling this product.
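
An added example, not part of the original posts: a small Python script that checks the fresh log from Reply #7 against the fix list in Reply #6 and lists entries that appear only in the later scan. The log excerpts are shortened copies of lines from this thread; the function names are this example's own.

```python
import re
from collections import Counter

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1, O2, ...)
# followed by " - "; header and running-process lines do not match.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Count (code, detail) pairs; a Counter keeps repeated lines such as O10."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # casefold so path-case differences between scans do not matter
            entries[(m.group(1), m.group(2).casefold())] += 1
    return entries

def still_present(fix_text, after_text):
    """Entries from the helper's fix list that the later scan still reports."""
    after = parse_entries(after_text)
    return sorted(e for e in parse_entries(fix_text) if e in after)

def newly_reported(before_text, after_text):
    """Entries the later scan reports that the earlier scan did not."""
    before = parse_entries(before_text)
    return sorted(e for e in parse_entries(after_text) if e not in before)

# Shortened excerpts copied from the logs and the fix list in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O20 - AppInit_DLLs: repairs303169545.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VFM\command.exe
"""
FIXES = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O10 - Hijacked Internet access by New.Net
O20 - AppInit_DLLs: repairs303169545.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VFM\command.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll
"""

if __name__ == "__main__":
    print("fix-list entries still present:", still_present(FIXES, AFTER))
    for code, detail in newly_reported(BEFORE, AFTER):
        print("new since earlier scan:", code, detail)
```

Entries listed as new are simply ones the earlier scan did not contain, such as a changed start page; they are candidates for review, not verdicts.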