NewDotNet Virus/Browser Hijacker

chris01 · 06-17-2006, 09:27 AM

Hi all, new here.

I got a NewDotNet virus in my computer last week that wouldnt let me access the net but after running a few different programs i was able to get back online.
Im not sure how secure my computer is now so i was wondering if anyone could help me 'clean' it up if i post a Hijack This log?

Thanks in advance for any help.

chris01 · 06-17-2006, 09:52 AM

Here's the log.

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 21

46, on 15/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A39F50-FC7E-4741-99F1-AA5C662DD53F}: NameServer = 62.241.163.200 62.241.162.201
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\KService\KService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

**Deckard** · 06-17-2006, 04:34 PM

Hi and welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

**Deckard** · 06-17-2006, 05:07 PM

Hello chris01,

Your log looks clean but let's run through a few things. Are you currently experiencing any other issues on this computer now that NewDotNet is gone?

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Multiple Antivirus
I see you have two or more antivirus programs installed. Multiple antivirus programs can bog down your system, interfere with each other, and may even cause crashes. I highly recommend you remove all but one of them using the Add/Remove Programs in the Control Panel.

Downloads
Download and install CleanUp!. *WARNING* CleanUp! deletes EVERYTHING out of temp/temporary folders and does not make backups.

Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
- Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program.

Reboot if prompted. Close CleanUp!

Run Ewido
Open Ewido:

Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close Ewido anti-malware.

Update Java
We need to update your Java as it is out of date. Older versions can be a security risk as malware writers have been known exploit the weaknesses the code.

Go to Start > Control Panel double-click on the Software icon > Add/Remove Programs.
Sarch in the list for all previous installed versions of Java (Java 2 Runtime Environment SE and/or J2SE Runtime Environment) and Uninstall/Remove them.
Download and install the newest version from Sun.
After the reboot, go back into the Control Panel and double-click the Java icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL three checked:
- Downloaded Applets
- Downloaded Applications
- Other Files
Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan.

Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
Enter your e-mail address, country, and state and click Scan Now.
Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
Begin the scan by selecting My Computer. Note:
- Please turn off the real time scanner of any existing antivirus program while performing the online scan.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on See report then click Save report.
- It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

With Your Next Post...
Please paste the following with your next reply:

Ewido scan report
Panda Scan report
a new HiJackThis log taken after the Panda scan finishes.

chris01 · 06-18-2006, 07:00 AM

Quote:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:29:54, 17/06/2006
+ Report-Checksum: 2C45445C

+ Scan result:

:mozilla.26:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies-1.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\2nvfugux.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup

::Report End

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 14:51:07, on 17/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A39F50-FC7E-4741-99F1-AA5C662DD53F}: NameServer = 62.241.163.200 62.241.162.201
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\KService\KService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

The Panda Software wouldnt work for me for some reason, the pop up is working but its just a white screen and it says done. Ill try again in a while but here are the other two reports you asked for after scanning.

Thanks

**Deckard** · 06-18-2006, 08:14 PM

Hi chris01,

If you still can't get Panda to work for you, let's try Kaspersky's Online scan:

Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database: Standard
- Scan Options: Scan Archives and Scan Mail Bases
Click OK
Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
Now under select a target to scan, select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run all the way.
Once the scan is complete it will display if your system has been infected.
Click on the Save as Text button and save the file to your desktop.
Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.

chris01 · 06-19-2006, 10:03 AM

Hi Deckard,

There was no report to give, it said no malware was detected on the computer. Which im guessing it a good sign.

**Deckard** · 06-19-2006, 12:31 PM

Hi chris01,

Most definitely a good sign. Any more issues? If not, you should be good to go but we still have a few items we'd like to address.

Reset System Restore

Go to Start>Run, type SYSDM.CPL and press Enter.
Select the System Restore tab.
Check "Turn off System Restore on all drives" and click Apply.
Now uncheck the same option and click OK.

Microsoft Updates
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection.

Please ensure that you have already patched your system against the recent WMF exploit. Go to this page to get the KB912919 patch.

Enable Windows Auto Update:

Go to Start>Run, type WUAUCPL.CPL and press Enter.
Make sure "Keep my computer up to date" is checked.
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Malware Prevention
This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them.

Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer".

The following is a list of free software we recommend:

Firewalls
A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:

Realtime Malware Prevention Tools
These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time.

Passive Malware Prevention Tools
These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

Spyware Blaster - check regularly for updates.
IE-Spyad - Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them.
MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites.
McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.

Alternative Miscellaneous
Here are some alternatives that are worth looking into if you use their features:

Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.)
Miranda-IM - another Instant Messenger client with multiple IM capabilities.
Desktop Weather - A taskbar weather program that is free and resource light.

Please respond to this thread one more time so we can mark this thread as resolved.

chris01 · 06-19-2006, 02:52 PM

Thanks for all your help Deckard, hopefully thats the end of my troubles.

Ive downloaded the patches you mentioned and have adaware, spyware guard and spyware blaster on my computer now.

Thanks again, much appreciated.

06-17-2006, 09:27 AM	#1 (permalink)
chris01 Registered User Join Date: Jun 2006 Location: Scotland Posts: 33 OS: XP	NewDotNet Virus/Browser Hijacker Hi all, new here. I got a NewDotNet virus in my computer last week that wouldnt let me access the net but after running a few different programs i was able to get back online. Im not sure how secure my computer is now so i was wondering if anyone could help me 'clean' it up if i post a Hijack This log? Thanks in advance for any help.

06-17-2006, 04:34 PM	#3 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Hi and welcome to TSF! I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply. Please be patient with me during this time. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

06-17-2006, 05:07 PM	#4 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Hello chris01, Your log looks clean but let's run through a few things. Are you currently experiencing any other issues on this computer now that NewDotNet is gone? Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Multiple Antivirus I see you have two or more antivirus programs installed. Multiple antivirus programs can bog down your system, interfere with each other, and may even cause crashes. I highly recommend you remove all but one of them using the Add/Remove Programs in the Control Panel. Downloads Download and install CleanUp!. WARNING CleanUp! deletes EVERYTHING out of temp/temporary folders and does not make backups. Run CleanUp! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked. Click OK Press the CleanUp! button to start the program. Reboot if prompted. Close CleanUp! Run Ewido Open Ewido: Click on scanner Click on Complete System Scan and the scan will begin. You will be prompted to clean the first infection. Select "Perform action on all infections", then proceed. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop or a location where you can find it easily. Close Ewido anti-malware. Update Java We need to update your Java as it is out of date. Older versions can be a security risk as malware writers have been known exploit the weaknesses the code. Go to Start > Control Panel double-click on the Software icon > Add/Remove Programs. Sarch in the list for all previous installed versions of Java (Java 2 Runtime Environment SE and/or J2SE Runtime Environment) and Uninstall/Remove them. Download and install the newest version from Sun. After the reboot, go back into the Control Panel and double-click the Java icon. Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL three checked: Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel. Online Scan Perform an online scan with Internet Explorer with Panda ActiveScan. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker. Enter your e-mail address, country, and state and click Scan Now. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control. Begin the scan by selecting My Computer. Note: Please turn off the real time scanner of any existing antivirus program while performing the online scan. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report. It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report. With Your Next Post... Please paste the following with your next reply: Ewido scan report Panda Scan report a new HiJackThis log taken after the Panda scan finishes. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

06-18-2006, 08:14 PM	#6 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Hi chris01, If you still can't get Panda to work for you, let's try Kaspersky's Online scan: Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded, click on NEXT. Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Standard Scan Options: Scan Archives and Scan Mail Bases Click OK Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done. Now under select a target to scan, select My Computer The program will start and scan your system. The scan will take a while so be patient and let it run all the way. Once the scan is complete it will display if your system has been infected. Click on the Save as Text button and save the file to your desktop. Copy and paste that information in your next post. Take note the names and locations of any file it detects but fails to clean. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

06-19-2006, 12:31 PM	#8 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Hi chris01, Most definitely a good sign. Any more issues? If not, you should be good to go but we still have a few items we'd like to address. Reset System Restore Go to Start>Run, type SYSDM.CPL and press Enter. Select the System Restore tab. Check "Turn off System Restore on all drives" and click Apply. Now uncheck the same option and click OK. Microsoft Updates It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection. Please ensure that you have already patched your system against the recent WMF exploit. Go to this page to get the KB912919 patch. Enable Windows Auto Update: Go to Start>Run, type WUAUCPL.CPL and press Enter. Make sure "Keep my computer up to date" is checked. Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Malware Prevention This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them. Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer". The following is a list of free software we recommend: Firewalls A good firewall is the first-line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use: Sygate Personal Firewall ZoneAlarm Tiny Personal Firewall Sunbelt Kerio Personal Firewall Outpost Firewall PRO Realtime Malware Prevention Tools These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time. Spyware Guard Spybot Search & Destroy AdAware WinPatrol - with tutorial Passive Malware Prevention Tools These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources. Spyware Blaster - check regularly for updates. IE-Spyad - Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites. McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox. Alternative Miscellaneous Here are some alternatives that are worth looking into if you use their features: Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.) Miranda-IM - another Instant Messenger client with multiple IM capabilities. Desktop Weather - A taskbar weather program that is free and resource light. Please respond to this thread one more time so we can mark this thread as resolved. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

06-19-2006, 10:03 AM	#7 (permalink)
chris01 Registered User Join Date: Jun 2006 Location: Scotland Posts: 33 OS: XP	Hi Deckard, There was no report to give, it said no malware was detected on the computer. Which im guessing it a good sign.

06-19-2006, 02:52 PM	#9 (permalink)
chris01 Registered User Join Date: Jun 2006 Location: Scotland Posts: 33 OS: XP	Thanks for all your help Deckard, hopefully thats the end of my troubles. Ive downloaded the patches you mentioned and have adaware, spyware guard and spyware blaster on my computer now. Thanks again, much appreciated.